ML24197A138

From kanterella
Jump to navigation Jump to search
Privacy Act Systems of Records Notice 89 Fr 58779 July 16 2024
ML24197A138
Person / Time
Issue date: 07/16/2024
From: Jonathan Feibus
NRC/OCIO
To:
References
NRC-2023-0168
Download: ML24197A138 (97)


Text

[7590-01-P]

NUCLEAR REGULATORY COMMISSION

[NRC-2023-0168]

Privacy Act of 1974;

Systems of Records

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of modified systems of records; request for comment.

SUMMARY

Pursuant to the Privacy Act of 1974 and Office of Management and Budget

(OMB) Circular No. A-108, to ensure the system of records notices remain accurate, the

U.S. Nuclear Regulatory Commission (NRC) staff reviews each notice on a periodic

basis. As a result of this review, the NRC is republishing 16 of its system of records

notices and has made various revisions to ensure that the NRCs notices remain clear,

accurate, and up to date. Three of the syst em noticesNRC 37, Information Security

Files and Associated Records, NRC 44, Employee Fitness Center Records, and NRC

46, Health Emergency Recordsare subject to a 30-day comment period based on the

nature of their revisions. The revisions to these systems are in effect upon this

publication with the exception of the NRC 37, NRC 44 and NRC 46 modifications, which

will go into effect 30 days after this publication. The remaining systems revisions are

minor corrective and administrative changes that do not meet the threshold criteria

established by OMB for either a new or altered system of records. The minor

modifications include updating authorities, system managers, retention schedules, and

various other minor updates, in accordance with OMB Circular A-108.

DATES: Submit comments on revisions and changes by August 19, 2024. Comments

received after this date will be considered if it is practical to do so, but the Commission is able to ensure consideration only for comments received before this date.

ADDRESSES: You may submit comments by any of the following methods; however,

the NRC encourages electronic comment submission through the Federal rulemaking

website:

for Docket ID NRC-2023-0168. Address questions about Docket IDs in Regulations.gov

to Stacy Schumann; telephone: 301-415-0624; email: Stacy.Schumann@nrc.gov. For

technical questions, contact the individual listed in the For Further Information Contact

section of this document.

  • Mail comments to: Office of Administration, Mail Stop: TWFN-7-A60M, U.S.

Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN: Program

Management, Announcements and Editing Staff.

For additional direction on obtaining information and submitting comments, see

Obtaining Information and Submitting Comments in the SUPPLEMENTARY

INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT: Sally Hardy, Office of the Chief Information

Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone:

301-415-5607; email: Sally.Hardy@nrc.gov.

SUPPLEMENTARY INFORMATION

I. Obtaining Information and Submitting Comments

A. Obtaining Information

Please refer to Docket ID NRC-2023-0168 when contacting the NRC about the

availability of information for this action. You may obtain publicly available information

related to this action by any of the following methods:

2

search for Docket ID NRC-2023-0168.

  • NRCs Agencywide Documents Access and Management System

(ADAMS): You may obtain publicly available documents online in the ADAMS Public

Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the

search, select Begin Web-based ADAMS Search. For problems with ADAMS, please

contact the NRCs Public Document Room (P DR) reference staff at 1-800-397-4209, at

301-415-4737, or by email to PDR.Resource@nrc.gov.

  • NRCs PDR: The PDR, where you may examine and order copies of publicly

available documents, is open by appointment. To make an appointment to visit the PDR,

please send an email to PDR.Resource@nrc.gov or call 1-800-397-4209 or 301-415-

4737, between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, except

Federal holidays.

B. Submitting Comments

The NRC encourages electronic comment submission through the Federal

rulemaking website (https://www.regulations.gov). Please include Docket ID NRC-2023-

0168 in your comment submission.

The NRC cautions you not to include ident ifying or contact information that you

do not want to be publicly disclosed in y our comment submission. The NRC will post all

comment submissions at https://www.regulat ions.gov as well as enter the comment

submissions into ADAMS. The NRC does not routinely edit comment submissions to

remove identifying or contact information.

If you are requesting or aggregating comments from other persons for

submission to the NRC, then you should inform those persons not to include identifying

or contact information that they do not w ant to be publicly disclosed in their comment

3 submission. Your request should state that the NRC does not routinely edit comment

submissions to remove such information before making the comment submissions

available to the public or entering the comment into ADAMS.

II. Background

Pursuant to the Privacy Act of 1974 and OMB Circular No. A-108, Federal

Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act,

notice is hereby given that the NRC is republishi ng 16 of its system of records notices. In

12 of those system of records notices, there are revisions that include minor and

administrative changes that do not meet the criter ia for either a new or altered system of

records notice. One system is being republished without any revisions as part of our

review process for ease of use and reference since the last publication in 2019.

The changes in the following three Privacy Act system of records notices do

meet the criteria for an altered system of records:

The NRC is revising NRC 37, Information Security Files and Associated Records.

Modifications include revision of the purpose, categories of records in the system, record

source categories and storage of records.

The NRC is revising NRC 44, Employee Fitness Center Records. Modifications

include removing duplicate system locations.

The NRC is revising NRC 46, Health Emergency Records. Modifications include

revision of the authority for maintenance of the system, categories of individuals

covered, categories of records, record source categories, routine uses and storage of

records.

A report on these revisions has been sent to OMB, the Committee on Homeland

Security and Governmental Affairs of U.S. Senate, and the Committee on Oversight and

Accountability of the U.S. House of Repres entatives, as required by the Privacy Act.

4 If changes are made based on the NRCs review of comments received, the NRC

will publish a subsequent notice.

The text of the report, in its entirety, is attached.

Dated: July 16, 2024.

For the Nuclear Regulatory Commission.

/RA/

Jonathan Feibus, Senior Agency Official for Privacy, Office of the Chief Information Officer.

5 Attachment - Nuclear Regulatory Commission Privacy Act Systems of Records

NRC Systems of Records

25. Oral History ProgramNRC.
26. Transit Subsidy Benefits Program RecordsNRC.
27. Radiation Exposure Information and Reporting System (REIRS) Records

NRC.

32. Office of the Chief Financial Officer Financial Transactions and Debt

Collection Management RecordsNRC.

33. Special Inquiry RecordsNRC.
35. Drug Testing Program RecordsNRC.
36. Employee Locator RecordsNRC.
37. Information Security Files and Associated RecordsNRC.
38. Mailing ListsNRC.
39. Personnel Security Files and Associated RecordsNRC.
40. Facility Security Access Control RecordsNRC.
41. Tort Claims and Personal Property Claims RecordsNRC.
43. Employee Health Center Records NRC.
44. Employee Fitness Center Records NRC.
45. Electronic Credentials for Personal Identity VerificationNRC.
46. Health Emergency RecordsNRC.

These systems of records are maintained by the NRC and contain personal

information about individuals that is retrieved by an individuals name or identifier.

The notice for each system of records states the name and location of the record

system, the authority for and manner of its operation, the categories of individuals that it

covers, the types of records that it contains, the sources of information in those records,

6 and the routine uses of each system of records. Each notice also includes the business

address of the NRC official who will inform interested persons of the procedures

whereby they may gain access to and request amendment of records pertaining to them.

The Privacy Act provides certain safeguards for an individual against an invasion

of personal privacy by requiring Federal agencies to protect records contained in an

agency system of records from unauthorized discl osure and to ensure that information is

current and accurate for its intended use and that adequate safeguards are provided to

prevent misuse of such information.

SYSTEM NAME AND NUMBER:

Oral History ProgramNRC 25.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Office of the Secretary, NRC, One White Flint North, 11555 Rockville Pike,

Rockville, Maryland.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 2161(b) and 44 U.S.C. 3301.

PURPOSE(S) OF THE SYSTEM:

Recorded interviews and transcribed scripts of interviews for providing a history

of the nuclear regulatory program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who volunteer to be interviewed for the purpose of providing

information for a history of the nuclear regulatory program.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records consist of recorded interviews and as needed, transcribed scripts of the

7 interviews.

RECORD SOURCE CATEGORIES:

Information in this system of records is obtained from interviews granted on a

voluntary basis to the Historian.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. For incorporation in publications on the history of the nuclear regulatory

program;

b. To provide information to historians and other researchers;
c. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

d. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

8 minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Maintained on electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information is accessed by the name of the interviewee.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Narrative Histories will be retained under NRCs approved schedule found in the

NUREG 0910 version 4 at 2.22.7.a(1): Record copy maintained by the NRC Historian.

Permanent. Transfer to the National Archives when 20 years old. (Paper records created

before 4/1/2000. ADAMS PDF files and TIFF files (2.22.7.a(4) re cutoff at the close of

the fiscal year. Transfer to the National Archives 5 years after cutoff.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Maintained on an access restricted drive. Access to and use of these records is

limited to those authorized by the Historian or a designee.

SYSTEM MANAGER(S):

NRC Historian, Office of the Secretary, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

9 information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

SYSTEM NAME AND NUMBER:

Transit Subsidy Benefits Program RecordsNRC 26.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Facility and Logistics Branch, Office of Administration, NRC, Two White Flint

North, 11545 Rockville Pike, Rockville, Maryland.

SYSTEM MANAGER(S):

Chief, Facility and Logistics Branch, Division of Facilities and Security, Office of

Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 7905; 26 U.S.C. 132; 31 U.S.C. 3511; 41 CFR 102-74.210; 41 CFR

subtitle F; 41 CFR 102-71.20; Executive Order (E.O.) 9397, as amended by E.O. 13478;

E.O. 13150.

PURPOSE(S) OF THE SYSTEM:

The information contained in this system is used to enroll employees in the

Transit Subsidy Program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

NRC employees who apply for subsidized mass transit costs.

10 CATEGORIES OF RECORDS IN THE SYSTEM:

The records consist of an individuals application to participate in the program

which includes, but is not limited to, the applicant's name, home address, office

telephone number, and information regarding the employee's commuting schedule and

mass transit system(s) used.

RECORD SOURCE CATEGORIES:

NRC employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To provide statistical reports to the city, county, State, and Federal

government agencies;

b. To provide the basis for program approval and issue monthly subsides;
c. A record from this system of records which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

d. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

11 tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

e. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

f. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

g. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

h. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

12 (including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Accessed by name and smart trip card.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained under the National Archives and Records Administrations

General Records Schedule 2.4: Employee Compensation and Benefit Records, Item

130, Transportation subsidy program administrative records. Destroy when 3 years old,

but longer retention is authorized if required for business use. Records are also retained

under General Records Schedule 2.4, item 131, Transportation subsidy program

individual case files. Destroy 2 years after employee participation concludes, but longer

retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Computer files are maintained on a hard drive, access to which is password

protected. Access to and use of these records is limited to those persons whose official

duties require access.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

13 Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

SYSTEM NAME AND NUMBER:

Radiation Exposure Information and Reporting System (REIRS) Records-NRC

27.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemOak Ridge Associated Universities (ORAU), Oak Ridge,

Tennessee (or current contractor facility).

Duplicate systemDuplicate systems exist, in part, regarding employee

exposure records, with the NRCs Radiation Safe ty Officers at Regional office locations

listed in Addendum 1, Part 2, in the Office of Nuclear Reactor Regulations (NRR), the

Office of Nuclear Material Safety and Safeguards (NMSS). The Office of Administration

(ADM), NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland,

maintains the employee dosimeter tracking system.

SYSTEM MANAGER(S):

REIRS Project Manager, Radiation Prot ection Branch, Division of Systems

Analysis, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 7902; 29 U.S.C. 668; 42 U.S.C. 2051, 2073, 2093, 2095, 2111, 2133,

14 2134, and 2201(o); 10 CFR parts 20 and 34; Executive Order (E.O.) 9397, as amended

by E.O. 13478; E.O. 12196, as amended.

PURPOSE(S) OF THE SYSTEM:

REIRS serves as the central repository for all NRC radiation exposure monitoring

records that are recorded and reported pursuant to part 20 of title 10 of the Code of

Federal Regulations (10 CFR) and Regulatory Guide 8.7. This central repository is used

for the oversight of radiation protection po licies and practices at NRC-licensed facilities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals monitored for radiation exposure while employed by or visiting or

temporarily assigned to certain NRC-licensed facilities; individuals who are exposed to

radiation or radioactive materials in incidents required to be reported under

10 CFR 20.2201-20.2204 and 20.2206 by all NRC licensees; individuals who may have

been exposed to radiation or radioactive materials offsite from a facility, plant installation,

or other place of use of licensed materials, or in unrestricted areas, as a result of an

incident involving byproduct, source, or special nuclear material.

CATEGORIES OF RECORDS IN THE SYSTEM:

These records contain information relating to an individuals name, sex, social

security number, birth date, place and period date of exposure; name and license

number of individuals employer; name and number of licensees reporting the

information; radiation doses or estimates of exposure received during this period, type of

radiation, part(s) or organ(s) exposed, and radionuclide(s) involved.

RECORD SOURCE CATEGORIES:

Information in this system of records comes from licensees; the subject

individual; the individuals employer; the person in charge of the facility where the

individual has been assigned; NRC Form 5, Occupational Exposure Record for a

15 Monitoring Period, or equivalent, contractor reports, and Radiation Safety Officers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To provide data to other Federal and State agencies involved in monitoring

and/or evaluating radiation exposure rece ived by individuals as enumerated in the

paragraph Categories of individual s covered by the system;

b. To return data provided by licensee upon request;
c. A record from this system of records which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

d. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

e. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

16 security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

f. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

g. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

h. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

i. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

j. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

17 from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on paper and electronic media. The electronic records

maintained in Oak Ridge, TN, are in a cent ralized database management system that is

password protected. Backup tapes of the database are generated and maintained at a

secure, off-site location for disaster recovery purposes. During the processing and data

entry, paper records are temporarily stored in designated business offices that are

locked when not in use and are accessible only to authorized personnel. Upon

completion of data entry and processing, the paper records are stored in an offsite

security storage facility accessib le only to authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are accessed by individual name, social security number, date of birth,

and/or by licensee name or number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records managed using REIRS are scheduled under NRCs NUREG-0910,

Revision 4. Transfer a copy of REIRS data to the National Archives and Records

Administration every 5 years (2.19.16). Retain Personnel monitoring reports and

personnel overexposure reports entered into REIRS, Paper records, are retained under

2.19.14.a(1). Destroy 2 years after data are input into REIRS. ADAMS PDF files, TIFF

files, ADAMS document profiles, and ADAMS digital signature and concurrence data are

retained under 2.19.14.a(4) and are cut off at the end of the fiscal year and destroyed 2

18 years after cutoff. Personnel monitoring repor ts and personnel overexposure reports of

which only selected data are entered into REIRS, records are retained under

2.19.14.b(1). Cut off at end of fiscal year. Transfer to National Archives and Records

Administration (NARA) when 20 years old.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Information maintained at ORAU is accessible by the Office of Nuclear

Regulatory Research (RES) and individuals that have been authorized access by NRC,

including all NRC Radiation Safety Officers and ORAU employees that are directly

involved in the REIRS project. Reports received and reviewed by the NRCs RES, NRR,

NMSS, and Regional offices are in lockabl e file cabinets and bookcases in secured

buildings. A log is maintained of both telephone and written requests for information.

The data maintained in the REIRS database are protected from unauthorized

access by several means. The database server resides in a protected environment with

physical security barriers under keycard access control. Accounts authorizing access to

the server and databases are maintained by the ORAU REIRS system administrator. In

addition, ORAU maintains a computer security firewall that further restricts access to

the ORAU computer network. Authorization for access must be approved by NRC,

ORAU project management, and ORAU computer security. Transmittal of data via the

Internet is protected by data encryption.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

19 information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

SYSTEM NAME AND NUMBER:

Office of the Chief Financial Officer Financial Transactions and Debt Collection

Management RecordsNRC 32.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Office of the Chief Financial Officer, NRC, Two White Flint North, 11545

Rockville Pike, Rockville, Maryland. NRC has an interagency agreement with the U.S.

Treasury, Administrative Resource Center (ARC), Parkersburg, WV, as a Federal

service provider for transactional services in the NRC core financial system since March

2018.

Other systems of records contain information that may duplicate some of the

records in this system. These other systems include, but are not limited to:

NRC-10, Freedom of Information Act (FOIA) and Privacy Act (PA) Request

RecordsNRC;

NRC-18, Office of the Inspector General (OIG) Investigative RecordsNRC;

NRC-19, Official Personnel Training RecordsNRC;

NRC-21, Payroll Accounting RecordsNRC;

NRC-41, Tort Claims and Personal Property Claims RecordsNRC; and

20 GSA/GOVT-4, Contracted Travel Services Program (E-Travel).

SYSTEM MANAGER:

Comptroller, Division of the Comptroller, Office of the Chief Financial Officer,

U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 552a; 5 U.S.C. 5514; 15 U.S.C. 1681; 26 U.S.C. 6103; 31 U.S.C.

chapter 37; 31 U.S.C. 6501-6508; 42 U.S.C. 2201; 42 U.S.C. 5841; 31 CFR 900-904; 10

CFR parts 15, 16, 170, 171; Executive Order (E.O.) 9397, as amended by E.O. 13478;

and E.O. 12731.

PURPOSE(S) OF THE SYSTEM:

Financial Transactions and Debt Collection

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered are those to who the NRC owes/owed money, those who

receive/received a payment from NRC, and those who owe/owed money to the United

States. Individuals receiving payments include, but are not limited to, current and former

employees, contractors, consultants, vendors, and others who travel or perform certain

services for NRC. Individuals owing money include, but are not limited to, those who

have received goods or services from NRC for which there is a charge or fee (NRC

licensees, applicants for NRC licenses, Freedom of Information Act requesters, etc.) and

those who have been overpaid and owe NRC a re fund (current and former employees,

contractors, consultants, vendors, etc.).

CATEGORIES OF RECORDS IN THE SYSTEM:

Information in the system includes, but is not limited to, names, addresses,

telephone numbers, Social Security Numbers (SSN), employee identification number

(EIN), Taxpayer Identification Numbers (TIN), Individual Taxpayer Identification

21 Numbers (ITIN), Data Universal Numbering System (DUNS) number, fee categories,

application and license numbers, contract numbers, vendor numbers, amounts owed,

background and supporting documentation, correspondence concerning claims and

debts, credit reports, and billing and payment histories. The overall agency accounting

system contains data and information integrating accounting functions such as general

ledger, funds control, travel, accounts receivable, accounts payable, property, and

appropriation of funds. Although this system of records contains information on

corporations and other business entities, only those records that contain information

about individuals that is retrieved by the individuals name or other personal identifier are

subject to the Privacy Act.

RECORD SOURCE CATEGORIES:

Record source categories include, but are not limited to, individuals covered by

the system, their attorneys, or other representatives; NRC; collection agencies or

contractors; employing agencies of debtors; and Federal, State, and local agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In accordance with an interagency agreement, the NRC may disclose records to

Treasury ARC as a Federal service provider fo r transactional services in the NRC core

financial system. In addition to the other types of disclosures permitted under subsection

(b) of the Privacy Act, the NRC may disclose information contained in this system of

records without the consent of the subject individual if the disclosure is compatible with

the purpose for which the record was collected under the following routine uses or,

where determined to be appropriate and necessary, the NRC may authorize Treasury

ARC to make the disclosure:

a. To debt collection contractors (31 U.S.C. 3718) or to other Federal agencies

22 such as the Department of the Treasury (Treasury) and Department of Interior (DOI) for

the purpose of collecting and reporting on delinquent debts as authorized by the Debt

Collection Act of 1982 or the Debt Collection Improvement Act (DCIA) of 1996 and the

Digital Accountability and Transparency Act (DATA) of 2014;

b. To Treasury; the Defense Manpower Data Center, Department of Defense; the

United States Postal Service; government corporations; or any other Federal, State, or

local agency to conduct an authorized computer matching program in compliance with

the Privacy Act of 1974, as amended, to identify and locate individuals, including Federal

employees, who are delinquent in their repayment of certain debts owed to the U.S.

Government, including those incurred under certain programs or services administered

by the NRC, in order to collect debts under common law or under the provisions of the

Debt Collection Act of 1982 or the Debt Collection Improvement Act of 1996 and DATA

of 2014 which include by voluntary repayment, administrative or salary offset, and

referral to debt collection contractors;

c. To the Department of Justice, United States Attorney Treasury ARC, or other

Federal agencies for further collection action on any delinquent account when

circumstances warrant;

d. To credit reporting agencies/credit bureaus for the purpose of either adding to

a credit history file or obtaining a credit history file or comparable credit information for

use in the administration of debt collecti on. As authorized by the DCIA, NRC may report

current (not delinquent) as well as delinquent consumer and commercial debt to these

entities in order to aid in the collection of debts, typically by providing an incentive to the

person to repay the debt timely;

e. To any Federal agency where the debtor is employed or receiving some form

of remuneration for the purpose of enabling that agency to collect a debt owed the

23 Federal Government on NRC's behalf by counseling the debtor for voluntary repayment

or by initiating administrative or salary offset procedures, or other authorized debt

collection methods under the provisions of the Debt Collection Act of 1982 or the DCIA

of 1996. Under the DCIA, NRC may garnish non-Federal wages of certain delinquent

debtors so long as required due process proced ures are followed. In these instances,

NRCs notice to the employer will disclose only the information that may be necessary

for the employer to comply with the withholding order;

f. To the Internal Revenue Service (IRS) by computer matching to obtain the

mailing address of a taxpayer for the purpose of locating such taxpayer to collect or to

compromise a Federal claim by NRC against the taxpayer under 26 U.S.C. 6103(m)(2)

and under 31 U.S.C. 3711, 3717, and 3718 or common law. Re-disclosure of a mailing

address obtained from the IRS may be made only for debt collection purposes, including

to a debt collection agent to facilitate the collection or compromise of a Federal claim

under the Debt Collection Act of 1982 or the DCIA of 1996, except that re-disclosure of a

mailing address to a reporting agency is for the limited purpose of obtaining a credit

report on the particular taxpayer. Any mailing address information obtained from the IRS

will not be used or shared for any other NRC purpose or disclosed by NRC to another

Federal, State, or local agency which seeks to locate the same taxpayer for its own debt

collection purposes;

g. To refer legally enforceable debts to the IRS or to Treasurys Debt

Management Services to be offset against the debtor's tax refunds under the Federal

Tax Refund Offset Program;

h. To prepare W-2, 1099, or other forms or electronic submittals, to forward to the

IRS and applicable State and local governments for tax reporting purposes. Under the

provisions of the DCIA, NRC is permitted to provide Treasury with Form 1099-C

24 information on discharged debts so that Treasury may file the form on NRCs behalf with

the IRS. W-2 and 1099 Forms contain information on items to be considered as income

to an individual, including certain travel related payments to employees, payments made

to persons not treated as employees (e.g., fees to consultants and experts), and

amounts written-off as legally or administratively uncollectible, in whole or in part;

i. To banks enrolled in the Treasury Credit Card Network to collect a payment or

debt when the individual has given his or her credit card number for this purpose;

j. To another Federal agency that has asked the NRC to effect an administrative

offset under common law or under 31 U.S.C. 3716 to help collect a debt owed the United

States. Disclosure under this routine use is limited to name, address, SSN, EIN, TIN,

ITIN, and other information necessary to identify the individual; information about the

money payable to or held for the individual; and other information concerning the

administrative offset;

k. To Treasury or other Federal agencies with whom NRC has entered into an

agreement establishing the terms and conditions for debt collection cross servicing

operations on behalf of the NRC to satisfy, in whole or in part, debts owed to the U.S.

Government. Cross servicing includes the possible use of all debt collection tools such

as administrative offset, tax refund offset, referral to debt collection contractors, salary

offset, administrative wage garnishment, and referral to the Department of Justice. The

DCIA of 2014 requires agencies to transfer to Treasury or Treasury-designated Debt

Collection Centers for cross servicing certain nontax debt over 120 days delinquent.

Treasury has the authority to act in the Federal Governments best interest to service,

collect, compromise, suspend, or terminate collection action under existing laws under

which the debts arise;

l. Information on past due, legally enforceable nontax debts more than 120 days

25 delinquent will be referred to Treasury for the purpose of locating the debtor and/or

effecting administrative offset against monies payable by the Government to the debtor,

or held by the Government for the debtor under the DCIAs mandatory, Government-

wide Treasury Offset Program (TOP). Under TOP, Treasury maintains a database of all

qualified delinquent nontax debts and works with agencies to match by computer their

payments against the delinquent debtor database in order to divert payments to pay the

delinquent debt. Treasury has the authority to waive the computer matching requirement

for NRC and other agencies upon written certification that administrative due process

notice requirements have been complied with;

m. For debt collection purposes, NRC may publish or otherwise publicly

disseminate information regarding the identity of delinquent nontax debtors and the

existence of the nontax debts under the provisions of the DCIA of 1996;

n. To the Department of Labor (DOL) and the Department of Health and Human

Services (HHS) to conduct an authorized computer matching program in compliance

with the Privacy Act of 1974, as amended, to match NRCs debtor records with records

of DOL and HHS to obtain names, name cont rols, names of employers, addresses,

dates of birth, and TINs. The DCIA requires all Federal agencies to obtain taxpayer

identification numbers from each individual or entity doing business with the agency,

including applicants and recipients of licenses, grants, or benefit payments; contractors;

and entities and individuals owing fines, fees, or penalties to the agency. NRC will use

TINs in collecting and reporting any delinquent amounts resulting from the activity and in

making payments;

o. If NRC decides or is required to sell a delinquent nontax debt under 31 U.S.C.

3711(I), information in this system of reco rds may be disclosed to purchasers, potential

purchasers, and contractors engaged to assist in the sale or to obtain information

26 necessary for potential purchasers to formulate bids and information necessary for

purchasers to pursue collection remedies;

p. If NRC has current and delinquent colla teralized nontax debts under 31 U.S.C.

3711(i)(4)(A), certain information in this system of records on its portfolio of loans, notes

and guarantees, and other collateralized debts will be reported to Congress based on

standards developed by the Office of Management and Budget, in consultation with

Treasury;

q. To Treasury in order to request a pay ment to individuals owed money by the

NRC;

r. To the National Archives and Records Administration or to the General

Services Administration for records management inspections conducted under 44 U.S.C.

2904 and 2906;

s. A record from this system of records which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

t. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

u. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

27 necessary to its decision on a matter of hiring or retaining an employee, issuing a

security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

v. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

w. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

x. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

y. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

28

z. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Information in this system is stored on paper, microfiche, and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Automated information can be retrieved by name, SSN, TIN, DUNS number,

license or application number, contract or purchase order number, invoice number,

voucher number, and/or vendor code. Paper re cords are retrieved by invoice number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained under the National Archives and Records Administrations

General Records Schedule 1.1: Financial Management and Reporting Records, Item

010, Financial transaction records related to procuring goods and services, paying bills,

collecting debts, and accounting as the Official record held in the office of record.

Destroy 6 years after final payment or cancellation, but longer retention is authorized if

needed for business use. Records related to Administrative claims by or against the

United States are retained under General Records Schedule 1.1: Financial Management

and Reporting Records, item 080. Destroy 7 years after final action, but longer retention

is authorized if required for business use. Records used to calculate payroll, arrange

paycheck deposit, and change previously issued paychecks are scheduled under

General Records Schedule 2.4: Employee Compensation and Benefits Records, item

29 010. Destroy 3 years after paying agency or payroll processor validates data, but longer

retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in the primary system are maintained in a building where access is

controlled by a security guard force. Records are kept in lockable file rooms or at users

workstations in an area where access is c ontrolled by keycard and is limited to NRC and

contractor personnel who need the records to perform their official duties. The records

are under visual control during duty hours. Access to automated data requires use of

proper password and user identification codes by NRC or contractor personnel.

RECORDS ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

DISCLOSURES TO CONSUMER REPORTING AGENCIES:

Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of information to a consumer

reporting agency are not considered a routine use of records. Disclosures may be made

from this system to consumer reporting agencies as defined in the Fair Credit

30 Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966, as

amended (31 U.S.C. 3701(a)(3)).

SYSTEM NAME AND NUMBER:

Special Inquiry RecordsNRC 33.

SECURITY CLASSIFICATION:

Classified and Unclassified

SYSTEM LOCATION:

Primary systemSpecial Inquiry Group, NRC, One White Flint North, 11555

Rockville Pike, Rockville, Maryland.

Duplicate systemDuplicate sy stems exist, in whole or in part, at the locations

listed in Addendum I, Parts 1 and 2.

SYSTEM MANAGER(S):

Records Manager-, Special Inquiry Group, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 2051, 2052, 2201(c), (i) and (o).

PURPOSE(S) OF THE SYSTEM:

Investigation material for potential or actual concerns in connection with

investigations of accidents or incidents at nuclear power plants or other nuclear facility,

nuclear materials or an allegation regarding public health and safety.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals possessing information regarding or having knowledge of matters of

potential or actual concern to the Commission in connection with the investigation of an

accident or incident at a nuclear power plant or other nuclear facility, or an incident

involving nuclear materials or an allegation regarding the public health and safety related

31 to the NRCs mission responsibilities.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system consists of an alphabetical index file bearing individual names. The

index provides access to associated records which are arranged by subject matter, title,

or identifying number(s) and/or letter(s). The system incorporates the records of all

Commission correspondence, memoranda, audit reports and data, interviews,

questionnaires, legal papers, exhibits, investigative reports and data, and other material

relating to or developed as a result of the inquiry, study, or investigation of an accident or

incident.

RECORD SOURCE CATEGORIES:

The information in this system of records is obtained from sources including, but

not limited to, NRC officials and employees; Federal, State, local, and foreign agencies;

NRC licensees; nuclear reactor vendors and ar chitectural engineering firms; other

organizations or persons knowledgeable about the incident or activity under

investigation; and relevant NRC records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To provide information relating to an item which has been referred to the

Commission or Special Inquiry Group for investigation by an agency, group,

organization, or individual and may be disclosed as a routine use to notify the referring

agency, group, organization, or individual of the status of the matter or of any decision or

32 determination that has been made;

b. To disclose a record as a routine use to a foreign country under an

international treaty or convention entered into and ratified by the United States;

c. To provide records relating to the integrity and efficiency of the Commission's

operations and management and may be disseminated outside the Commission as part

of the Commission's responsibility to inform the Congress and the public about

Commission operations;

d. A record from this system of record s which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

e. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

f. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

g. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

33 Congressional office made at the request of that individual;

h. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

i. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

j. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on paper in file folders and electronic media. Documents

are maintained in secured vault facilities.

34 POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Accessed by name (author or recipient), corporate source, title of document,

subject matter, or other identifying document or control number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Permanent Records retained as General Program Correspondence Files

(Subject Files) at the Office Director Level are scheduled under NUREG 0910 rev 4 -

2.18.5.a(1). Cut off at close of fiscal year. Transfer to the National Archives and Records

Administration when 20 years old. Permanent Nuclear Power Plant Docket Files are

scheduled under NUREG 0910 Rev 4 - 2.18.11.a(1). Cut off files upon license

termination following completion of decommissioning procedure. Closing date is the

termination date following completion of decommissioning procedure. Transfer to the

National Archives and Records Administration 20 years after termination of license.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

These records are located in locking filing cabinets or safes in a secured facility

and are available only to authorized personnel whose duties require access.

RECORD ACCESS PROCEDURES:

Same as Notification procedures. Information classified under Executive Order

12958 will not be disclosed. Information received in confidence will not be disclosed to

the extent that disclosure would reveal a confidential source.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

35 Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission has

exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1),

(e)(4)(G), (H), and (I), and (f).

SYSTEM NAME AND NUMBER:

Drug Testing Program RecordsNRC 35.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemDivision of Facilities and Security, Office of Administration,

NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

Duplicate systemDuplicate systems exist in part at the NRC Regional office

locations listed in Addendum I, Part 2 (for a temporary period of time); and at the current

contractor testing laboratories, collection/evaluation facilities.

SYSTEM MANAGER(S):

Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear

Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C 7301; 5 U.S.C. 7361-7363; 42 U.S.C. 2165; 42 U.S.C. 290dd; Executive

Order (E.O.) 12564; 9397, as amended by E.O. 13478.

PURPOSE(S) OF THE SYSTEM:

This record system will maintain info rmation gathered by and in the possession

of NRC Drug Testing Program, used in verifying positive test results for illegal use of

36 controlled substance, as well as collecting and maintaining evidence of possession,

distribution, or trafficking of controlled substances.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

NRC employees, applicants, consultants, licensees, and contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:

These records contain information regarding the drug testing program; requests

for and results of initial, confirmatory and follow-up testing, if appropriate; additional

information supplied by NRC employees, employ ment applicants, consultants, licensees,

or contractors in challenge to positive test results; and written statements or medical

evaluations of attending physicians and/or information regarding prescription or

nonprescription drugs.

RECORD SOURCE CATEGORIES:

NRC employees, employment applicants, co nsultants, licensees, and contractors

who have been identified for drug testing who have been tested; physicians making

statements regarding medical evaluations and/or authorized prescriptions for drugs;

NRC contractors for processing including, but not limited to, specimen collection,

laboratories for analysis, and medical evaluations; and NRC staff administering the drug

testing program to ensure the achievement of a drug-free workplace.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To identify substance abusers within the agency;

37

b. To initiate counseling and/or rehabilitation programs;
c. To take personnel actions;
d. To take personnel security actions;
e. For statistical reporting purposes. Statistical reporting will not include

personally identifiable information;

f. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

g. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

h. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

38 POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on paper and electronic media. Specimens are

maintained in appropriate environments.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are indexed and accessed by name, social security number, testing

position number, specimen number, drug test ing laboratory accession number, or a

combination thereof.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Employee drug test plans, procedures, and scheduling records are retained

under the National Archives and Records Administrations General Records Schedule

2.7: Employee Health and Safety Records, item 100. Destroy when 3 years old or when

superseded or obsolete. Employee drug test acknowledgement of notice forms are

retained under General Records Schedule 2.7, item 110. Destroy when employee

separates from testing-designated position. Employee drug testing specimen records are

retained under General Records Schedule 2.7, item 120. Destroy 3 years after date of

last entry or when 3 years old, whichever is later. Employee drug test results (Positive

Results) are retained under General Records Schedule 2.7, item 130. Destroy when

employee leaves agency or when 3 years old, whichever is later. Employee drug test

results (Negative results) are retained under General Records Schedule 2.7, item 131.

Destroy when 3 years old.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in use are protected to ensure that access is limited to those persons

whose official duties require such acce ss. Unattended records are maintained in NRC-

controlled space in locked offices, locked desk drawers, or locked file cabinets. Stand-

alone and network processing systems are password protected and removable media is

39 stored in locked offices, locked desk drawers, or locked file cabinets when unattended.

Network processing systems have roles and responsibilities protection and system

security plans. Records at laboratory, collection, and evaluation facilities are stored with

appropriate security measures to control and lim it access to those persons whose official

duties require such access.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

Pursuant to 5 U.S.C. 552a(k)(5), the Commission has exempted portions of this

system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).

SYSTEM NAME AND NUMBER:

Employee Locator RecordsNRC 36.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemPart 1: For Headquarters personnel: Office of Chief Human

Capital Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

40 For Regional personnel: Regional Offices I-IV at the locations listed in Addendum 1, Part

2.

Part 2: Operations Division, Office of the Chief Information Officer, NRC, Two

White Flint North, 11545 Rockville Pike, Rockville, Maryland.

Part 3: Division of Administrative Serv ices, Office of Administration, NRC, One

White Flint North, 11555 Rockville Pike, Rockville, Maryland.

Duplicate systemDuplicate systems ex ist, in part, for Incident Response

Operations within the Office of Nuclear Security and Incident Response, NRC, Two

White Flint North, 11545 Rockville Pike, Rockville, Maryland, and at the NRCs Regional

Offices, at the locations listed in Addendum I, Part 2.

Duplicate systemDuplicate systems may exist, in part, within the organization

where an individual actually works, at the locations listed in Addendum I, Parts 1 and 2.

SYSTEM MANAGER(S):

Part 1: For Headquarters personnel: Associate Director for Human Resources

Operations and Policy, Office of the Chief Human Capital Officer, U.S. Nuclear

Regulatory Commission (NRC), Washington, DC 20555-0001; and for Regional

personnel: Regional Personnel Officer at the Regional Offices listed in Addendum I, Part

2; Part 2: IT Specialist, Network/Infrastructure Services Branch, IT Services

Development & Operations Division, Office of the Chief Information Officer, NRC,

Washington, DC 20555-0001; Part 3: Mail Services Team Leader, Administrative

Services Center, Division of Administrative Services, Office of Administration, NRC,

Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

44 U.S.C. 3101, 3301; Executive Order (E.O.) 9397, as amended by E.O. 13478;

and E.O. 12656.

41 PURPOSE(S) OF THE SYSTEM:

The purpose of this system is for NRC employees and contractors

accountability, to support NRC emergency response, and to contact designated persons

in the event of an emergency.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

NRC employees and contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:

These records include, but are not limited to, an individuals name, home

address, office organization and location (building, room number, mail stop), telephone

number (home, business, and cell), person to be notified in case of emergency (name,

address, telephone number), and other related records.

RECORD SOURCE CATEGORIES:

Individual on whom the record is maintained; Employee Express; Enterprise

Identity Hub (EIH), and other related records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To contact the subject individuals designated emergency contact in the case

of an emergency;

b. To contact the subject individual regarding matters of official business;
c. To maintain the agency telephone directory (accessible from www.nrc.gov);
d. For internal agency mail services;

42

e. A record from this system of record s which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

f. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

g. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

h. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

43 (including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information is accessed by name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Mail, printing, and telecommunication service control records are retained under

the National Archives and Records Administrations General Records Schedule 5.5:

Mail, Printing, and Telecommunications Service Management Records, item 020.

Destroy when 1 year old or when superseded or obsolete, whichever is applicable, but

longer retention is authorized if required for business use. Custom/client records are

retained under General Records Schedule 6.5: Public Customer Service Records, item

020. Destroy when superseded, obsolete, or when customer requests the agency to

remove the records.

Administrative records maintained in any agency office are retained under

General Records Schedule 5.1: Common Office Records, item 010. Destroy when

business use ceases.

Employee emergency contact information records are retained under the

National Archives General Records Schedule 5.3 item 020. Destroy when superseded or

obsolete, or upon separation or transfer of employee. These records are used to account

for and maintain communication with personnel during emergencies, office dismissal,

and closure situations.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Electronic records are password protected. Access to and use of these records is

44 limited to those persons whose official duties require such access.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

SYSTEM NAME AND NUMBER:

Information Security Files and Associated RecordsNRC 37.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Division of Security Operations, Office of Nuclear Security and Incident

Response, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

SYSTEM MANAGER(S):

Director, Division of Security Operations, Office of Nuclear Security and Incident

Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 2161-2169 and 2201(i); Executive Order 13526; 10 CFR part 95.

45 PURPOSE(S) OF THE SYSTEM:

Keep track of NRC employees, contractors, consultants, licensees, and other

cleared persons who have been grant ed classification authority.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals include present and former NRC employees, contractors, consultants,

licensees, and other cleared persons.

CATEGORIES OF RECORDS IN THE SYSTEM:

These records include information regarding:

a. Personnel who are authorized access to specified levels, categories and types

of information, the approving authority, and related documents; and

b. Names of individuals who classify and/or declassify documents (e.g., for the

protection of Classified National Security Information and Restricted Data).

RECORD SOURCE CATEGORIES:

NRC employees, contractors, consultants, and licensees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To prepare statistical reports for the Information Security Oversight Office;
b. A record from this system of record s which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

46 criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

c. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

d. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

e. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

f. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

g. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

47

h. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

i. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Accessed by name and/or assigned number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained under the National Archives and Records Administrations,

General Records Schedule 4.2: Information Access and Protection Records. FOIA,

Privacy Act, and classified administrative re cords are retained under General Records

Schedule 4.2, item 001. Destroy when 3 years old, but longer retention is authorized if

needed for business use. Information access and protection tracking and control records

48 are retained under General Records Schedule 4.2, item 030. Destroy 2 years after last

form entry, reply, or submission; or when associated documents are declassified or

destroyed; or when authorization expires; whichever is appropriate. Longer retention is

authorized if required for business use. Access control records are retained under

General Records Schedule 4.2, item 031. Destroy when superseded or obsolete, but

longer retention is authorized if required for business use. Accounting for and control of

access to classified and controlled unclassified records and records requested under

FOIA, PA and MDR are retained under General Records Schedule 4.2, item 040.

Destroy or delete 5 years after date of last entry, final adjudication by courts, or final

action by agency (such as downgrading, transfe r or destruction of related classified

documents, or release of information from controlled unclassified status), as may apply,

whichever is later; but longer retention is authorized if required for business use.

Classified information nondisclosure agreements which are maintained

separately from the individuals official personnel folder are retained under the National

Archives and Records Administrations General Records Schedule 4.2 item 121. Destroy

records when 50 years old.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Information maintained in locked buildings, containers, or security areas under

guard and/or alarm protection, as appropriate. Records are processed only on systems

approved for processing classified information or accessible through password protected

systems for unclassified information. The cl assified systems are stand-alone systems

located within secure facilities or with removable hard drives that are either stored in

locked security containers or in alarmed vaults cleared for open storage of TOP

SECRET information.

49 CONTESTING RECORD PROCEDURE:

Same as Notification procedures.

RECORD ACCESS PROCEDURE:

Same as Notification procedures. Some information is classified under

Executive Order 13526 and will not be disclosed. Other information has been received in

confidence and will not be disclosed to the extent that disclosure would reveal a

confidential source.

NOTIFICATION PROCEDURE:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

Pursuant to 5 U.S.C. 552a(k)(1) and (k)(5), the Commission has exempted

portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4), (G), (H),

and (I), and (f).

SYSTEM NAME AND NUMBER:

Mailing ListsNRC 38.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemDigital Communications & Administrative Services Branch,

Division of Facilities and Securities, Office of Administration, NRC, 11545 Rockville Pike,

Rockville, Maryland.

50 Duplicate systemDuplicate sy stems exist in whole or in part at the locations

listed in Addendum I, Parts 1 and 2.

SYSTEM MANAGER(S):

Digital Communications & Administrative Services Branch, Division of Facilities

and Securities, Office of Administration, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

44 U.S.C. 3101, 3301.

PURPOSE(S) OF THE SYSTEM:

The system is maintained for the purpose of mailing informational literature or

responses to those who request it; maintaining lists of individuals who attend meetings;

and for other purposes for which mailing or contact lists may be created.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals, including NRC staff, with an interest in receiving information from the

NRC.

CATEGORIES OF RECORDS IN THE SYSTEM:

Mailing lists include an individual's name and address; and title, occupation, and

institutional affiliation, when applicable.

RECORD SOURCE CATEGORIES:

NRC staff, NRC licensees, and individuals expressing an interest in NRC

activities and publications.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

51 without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. A record from this system of records may be disclosed as a routine use for

distribution of documents to persons and organizations listed on the mailing list;

b. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

c. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

d. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

52 POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records maintained on paper, and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are accessed by company name, individual name, or file code

identification number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Customer/client records are retained under the National Archives and Records

Administrations General Records Schedule 6.5: Public Customer Service Records, Item

020. Delete when superseded, obsolete, or when customer requests the agency to

remove the records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access to and use of these records is limited to those persons whose official

duties require such access.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

53 SYSTEM NAME AND NUMBER:

Personnel Security Files and Associated RecordsNRC 39.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Division of Facilities and Security, Office of Administration, NRC, Two White Flint

North, Rockville, Maryland.

SYSTEM MANAGER(S):

Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear

Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 2011 et seq.; 42 U.S.C. 2165, 2201(i), 2201a, and 2284; 42 U.S.C.

5801 et seq.; Executive Order (E.O.) 9397, as amended by E.O. 13478; E.O. 10450, as

amended; E.O. 10865, as amended; E.O. 13467; E.O. 13526; E.O. 13587; 10 CFR parts

10, 11, 14, 25, 50, 73, 95; OMB Circular No. A-130, Revised; 5 CFR parts 731, 732, and

authorities cited therein.

PURPOSE(S) OF THE SYSTEM:

This record system will maintain info rmation gathered by and in the possession

of the NRC Division of Facilities and Security to maintain the NRCs Personnel Security

and Insider Threat programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Persons including NRC employees, empl oyment applicants, consultants,

contractors, and licensees; other Government agency personnel, other persons who

have been considered for an access authorization, special nuclear material access

authorization, unescorted access to NRC buildings or nuclear power plants, NRC

54 building access, access to Federal automated information systems or data, or

participants in the criminal history program; aliens who visit NRC's facilities; and actual

or suspected violators of laws administered by NRC.

CATEGORIES OF RECORDS IN THE SYSTEM:

These records contain information about individuals, which includes, but is not

limited to, their name(s), address, date and place of birth, social security number,

identifying information, citizenship, residence history, employment history, military

history, financial history, foreign travel, foreign contacts, education, spouse/cohabitant

and relatives, personal references, organizational membership, medical, fingerprints,

criminal record, and security clearance history. These records also contain copies of

personnel security investigative reports from other Federal agencies, summaries of

investigative reports, results of Federal agency indices and database checks, records

necessary for participation in the criminal hi story program, reports of personnel security

interviews, clearance actions information (e.g., grants and terminations), access

approval/disapproval actions related to NRC building access or unescorted access to

nuclear plants, or access to Federal automated information systems or data, violations of

laws, reports of security infraction, insider threat program inquiry records including

analysis, results, referrals, and/or mitigation actions, and other related personnel security

processing documents.

RECORD SOURCE CATEGORIES:

NRC applicants, employees, contractors, consultants, licensees, visitors and

others, as well as information furnished by other Government agencies or their

contractors.

55 ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Information in these records may be used by the Division of Facilities and

Security and on a need-to-know basis by appropr iate NRC officials, Hearing Examiners,

Personnel Security Review Panel members, Office of Personnel Management, Central

Intelligence Agency, Office of the Director of National intelligence, and other Federal

agencies under the following routine uses:

a. To determine clearance or access authorization eligibility;
b. To determine eligibility for access to NRC buildings or access to Federal

automated information systems or data;

c. To certify clearance or access authorization;
d. To maintain the NRC personnel security program, including the Insider Threat

Program;

e. To provide licensees information needed for unescorted access or access to

safeguards information determinations;

f. A record from this system of records which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

g. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

56 clearance, license, grant or other benefit;

h. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

i. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

j. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

k. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

l. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

57 is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

m. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records maintained on paper, tapes, and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed and accessed by name, social security number, docket number, or a

combination thereof.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Security administrative records are retained under the National Archives and

Records Administrations General Records Schedule 5.6: Security Records, Item 010.

Destroy when 3 years old, but longer retention is authorized if required for business use.

Visitor processing records in areas requiring highest level security awareness are

retained under General Records Schedule 5.6, item 110. Destroy when 5 years old, but

longer retention is authorized if required for business use. Visitor processing records in

all other facility security areas are retained under General Records Schedule 5.6, item

111. Destroy when 2 years old, but longer retention is authorized if required for business

use. Personnel security and access clearance records of people issued clearances are

retained under General Records Schedule 5.6, item 181. Destroy 5 years after employee

58 or contractor relationship ends, but longer retention is authorized if required for business

use. Indexes to the personnel security case files are retained according to General

Records Schedule 5.6 item 190 and destroyed when superseded or obsolete.

Insider threat inquiry records are retained according to General Records

Schedule 5.6 item 220 and destroyed 25 years afte r close of inquiry, but longer retention

is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in use are protected to ensure that access is limited to those persons

whose official duties require such access. Unattended records are maintained in

NRC-controlled space in locked offices, lock ed desk drawers, or locked file cabinets.

Mass storage of records is protected when unattended by a combination lock and alarm

system. Unattended classified records are protected in appropriate security containers in

accordance with Management Directive 12.1.

NOTIFICATION PROCEDURE:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

RECORD ACCESS PROCEDURE:

Same as Notification procedures. Some information is classified under

Executive Order 12958 and will not be disclosed. Other information has been received in

confidence and will not be disclosed to the extent the disclosure would reveal a

confidential source.

59 CONTESTING RECORD PROCEDURE:

Same as Notification procedures.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission has

exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1),

(e)(4)(G), (H), and (I), and (f).

SYSTEM NAME AND NUMBER:

Facility Security Access Control RecordsNRC 40.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemDivision of Facilities and Security, Office of Administration,

NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

Duplicate systemDuplicate systems exist in part at NRC Regional Offices and

the NRC Technical Training Center at the locations listed in Addendum I, Part 2.

SYSTEM MANAGER(S):

Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear

Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 2165-2169 and 2201; Executive Order (E.O.) 9397, as amended by

E.O. 13478; E.O. 13462, as amended by E.O. 13516.

PURPOSE(S) OF THE SYSTEM:

Tracking issued NRC personal identificat ion badges issued for access to

NRC-controlled space and approved visitors to the NRC.

60 CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current and former NRC employees, consultants, contractors, other Government

agency personnel, and approved visitors.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system includes information regar ding: (1) NRC personal identification

badges issued for continued access to NRC-controlled space; and (2) records regarding

visitors to NRC. The records include, but are not limited to, an individuals name, social

security number, electronic image, badge num ber, citizenship, employer, purpose of

visit, person visited, date and time of visit, and other information contained on

Government issued credentials.

RECORD SOURCE CATEGORIES:

Sources of information include NRC empl oyees, contractors, consultants,

employees of other Government agencies, and visitors.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To control access to NRC classified information and to NRC spaces by human

or electronic means;

b. Information (identification badge) may also be used for tracking applications

within the NRC for other than security access purposes;

c. The electronic image used for the NRC employee personal identification badge

may be used for other than security purposes only with the written consent of the subject

61 individual;

d. A record from this system of record s which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

e. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

f. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

g. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

h. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

62

i. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

j. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

k. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on paper and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information is indexed and accessed by individuals name, social security

number, identification badge number, employers name, date of visit, or sponsors name.

63 POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The National Archives and Records Administrations General Records Schedule

5.6 includes Security Records. Visitor processing records in areas requiring highest level

security awareness, including areas designat ed by the interagency Security Committee

as Facility Security Level V, are retained according to General Records Schedule 5.6,

item 110. Destroy when 5 years old, but longer retention is authorized if required for

business use. Visitor processing records in facility security areas not requiring highest

level security awareness, including areas designated by the interagency Security

Committee as Facility Security Levels I th rough IV, are retained under General Records

Schedule 5.6, item 111. Destroy when 2 years old, but longer retention is authorized if

required for business use. Indexes to personnel security case files are retained under

General Records Schedule 5.6, item 190. Destroy when superseded or obsolete.

Records of routine security operations are retained under General Records Schedule

5.6, item 090. Destroy when 30 days old, but longer retention is authorized if required for

business use. Personal identification credentials and cards, including application and

activation records, are retained according to General Records Schedule 5.6, item 120.

Destroy 6 years after the end of an employee or contractors tenure, but longer retention

is authorized if required for business use. Personal identification cards are retained

according to General Records Schedule 5.6 item 121 and destroyed after expiration,

confiscation, or return. Personnel suitability and eligibility investigative reports are

retained according to General Records Schedule 5.6, item 170. Destroy in accordance

with the investigating agency instruction. Reports and records created by agencies

conducting investigations under delegated investigative authority are retained according

to General Records Schedule 5.6, item 171. Destroy in accordance with delegated

authority agreement or memorandum of understanding.

64 ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

All records are maintained in NRC-controlled space that is secured after normal

duty hours or a security area under guard presence in a locked security container/vault.

There is an approved security plan which identifies the physical protective measures and

access controls (i.e., passwords and software design limiting access based on each

individuals role and responsibilities relative to the system) specific to each system.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

SYSTEM NAME AND NUMBER:

Tort Claims and Personal Property Claims RecordsNRC 41.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemOffice of the General Counsel, NRC, One White Flint North,

11555 Rockville Pike, Rockville, Maryland.

65 Duplicate systemDuplicate sy stems exist, in whole or in part, in the Office of

the Chief Financial Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville,

Maryland, and at the locations listed in Addendum I, Parts 1 and 2. Other NRC systems

of records, including but not limited to, NRC-18, Office of the Inspector General (OIG)

Investigative RecordsNRC and Defense Nucl ear Facilities Safety Board (DNFSB),

and NRC-32, Office of the Chief Financia l Officer Financial Transactions and Debt

Collection Management RecordsNRC, may contain some of the information in this

system of records.

SYSTEM MANAGER:

Assistant General Counsel for Labor, Employment and Contract Law, U.S.

Nuclear Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Tort Claims Act, 28 U.S.C. 2671 et seq.; Military Personnel and Civilian

Employees' Claims Act, 31 U.S.C. 3721; 44 U.S.C. 3101.

PURPOSE(S) OF THE SYSTEM:

Claims with the NRC under the Federal Tort Claims Act or the Military Personnel

and Civilian Employees Claims Act.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who have filed claims with NRC under the Federal Tort Claims Act or

the Military Personnel and Civilian Employees' Claims Act and individuals who have

matters pending before the NRC that may result in a claim being filed.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains information relating to loss or damage to property and/or

personal injury or death in which the U.S. Government may be liable. This information

includes, but is not limited to, the individual's name, home address and phone number,

66 work address and phone number, drivers license number, claim forms and supporting

documentation, police reports, witness statements, medical records, insurance

information, investigative reports, repair/replacement receipts and estimates, litigation

documents, court decisions, and other information necessary for the evaluation and

settlement of claims.

RECORD SOURCE CATEGORIES:

Information is obtained from a number of sources, including but not limited to,

claimants, NRC employees involved in t he incident, witnesses or others having

knowledge of the matter, police reports, medical reports, investigative reports, insurance

companies, and attorneys.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, NRC may disclose information cont ained in a record in this system of

records without the consent of the subject individual if the disclosure is compatible with

the purpose for which the record was collected under the following routine uses:

a. To third parties, including claimants' attorneys, insurance companies,

witnesses, potential witnesses, local police authorities where an accident occurs, and

others who may have knowledge of the matter to the extent necessary to obtain

information that will be used to evaluate, settle, refer, pay, and/or adjudicate claims;

b. To the Department of Justice (DOJ) when the matter comes within their

jurisdiction, such as to coordinate litigation or when NRC's authority is limited, and DOJ

advice or approval is required before NRC can award, adjust, compromise, or settle

certain claims;

67

c. To the appropriate Federal agency or agencies when a claim has been

incorrectly filed with NRC or when more than one agency is involved, and NRC makes

agreements with the other agencies as to which one will investigate the claim;

d. To the Department of the Treasury to request payment of an award,

compromise, or settlement of a claim;

e. Information contained in litigation records is public to the extent that the

documents have been filed in a court or public administrative proceeding, unless the

court or other adjudicative body has ordered otherwise. This public information, including

information concerning the nature, status, and disposition of the proceeding, may be

disclosed to any person, unless it is determined that release of specific information in the

context of a particular case would constitute an unwarranted invasion of personal

privacy;

f. To the National Archives and Records Administration or to the General

Services Administration for records management inspections conducted under 44 U.S.C.

2904 and 2906;

g. A record from this system of record s which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

h. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

68 clearance, license, grant or other benefit;

i. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

j. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

k. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

l. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

m. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

69 is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

n. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Information in this system of records is stored on paper and computer media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information is indexed and accessed by the claimant's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records will be retained under the National Archives and Records

Administrations General Records Schedules and the NRC NUREG 0910 Revision 4.

Financial transaction records related to procuring goods and services, paying

bills, collecting debts, and accounting, are retained according to General Records

Schedule 1.1: Financial Management and Reporting Records, item 010 (Official record

held in the office of record). Financial transaction records are destroyed 6 years after

final payment or cancellation, but longer retention is authorized if required for business

use. Since the General Records Schedule (GRS) allows for longer retention, NRC

chooses to retain records for 7 years as required for its business use, before destruction.

Administrative claims by or against the United States are retained according to General

Records Schedule 1.1, item 080. Administrative claims records are destroyed 7 years

70 after final action, but longer retention is authorized if required for business use. Litigation

Case Files, are retained according to NRCs NUREG 0910, Revision 4, Part 2.12.7.a.

Closed files are retired 7 years after cases are closed and transferred to the National

Archives and Records Administration 20 years after cases are closed. ADAMS PDF files

and TIFF files are cutoff when case is closed and transferred to the National Archives 20

years after case is closed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The paper records are stored in locked file cabinets and access is restricted to

those agency personnel whose official duties and responsibilities require access.

Automated records are protected by password.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

Disclosure Pursuant to 5 U.S.C. 552a(b)(12): Disclosure of information to a consumer

reporting agency is not considered a routine use of records. Disclosures may be made

71 from this system of records to consum er reporting agencies as defined in the Fair

Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966,

as amended (31 U.S.C. 3701(a)(3)).

SYSTEM NAME AND NUMBER:

Employee Health Center RecordsNRC 43.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemEmployee Health Center, NRC, One White Flint North, 11555

Rockville Pike, Rockville, Maryland.

Duplicate systemDuplicate systems exist, in part, at health care facilities

operating under a contract or agreement with NRC for health-related services in the

vicinity of each of NRCs Regional offices listed in Addendum I, Part 2. NRCs Regional

offices may also maintain copies of occupational health records for their employees.

This system may contain some of the information maintained in other systems of

records, including NRC-11, Reasonable Accommodation RecordsNRC, NRC-44,

Employee Fitness Center RecordsNRC, and DOL/GOVT-1 Office of Workers

Compensation Programs, Federal Employees Compensation Act File.

SYSTEM MANGERS(S):

Technical Assistance Project Manager, Office of the Chief Human Capital Officer,

U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 7901; Executive Order 9397, as amended by E.O. 13478.

PURPOSE(S) OF THE SYSTEM:

Maintaining health records for current and former NRC employees, consultants,

72 contractors, other Government personnel, and anyone who may require emergency or

first-aid treatment on NRC premises.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current and former NRC employees, consultants, contractors, other Government

personnel, and anyone on NRC premises who requi res emergency or first-aid treatment.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system is comprised of records developed as a result of voluntary employee

use of health services provided by the Heal th Center, and of emergency health services

rendered by Health Center staff to individuals for injuries and illnesses suffered while on

NRC premises. Specific information maintained on individuals may include, but is not

limited to, their name, date of birth, and so cial security number; medical history and

other biographical data; test reports and medical diagnoses based on employee health

maintenance physical examinations or health screening programs (tests for single

medical conditions or diseases); history of complaint, diagnosis, and treatment of injuries

and illness rendered by the Health Center st aff; immunization records; records of

administration by Health Center staff of medications prescribed by personal physicians;

medical consultation records; statistical records; daily log of patients; and medical

documentation such as personal physician correspondence, test results submitted to the

Health Center staff by the employee; and o ccupational health records. This system does

not maintain records that are a result of a condition of employment, records and reports

generated in relation to a Workers Compensation claim, or records resulting from

participation in an agency-sponsored health and wellness program. Such records are

maintained in the government-wide system of records notice OPM/GOVT-10 Employee

Medical File System Records.

73 RECORD SOURCE CATEGORIES:

Information in this system of records is obtained from a number of sources

including, but not limited to, the individual to whom it pertains; laboratory reports and test

results; NRC Health Center physicians, nur ses, and other medical technicians or

personnel who have examined, tested, or treated the individual; the individual's

coworkers or supervisors; other systems of records; the individual's personal

physician(s); NRC Fitness Center staff; other Federal agencies; and other Federal

employee health units.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To refer information required by applicable law to be disclosed to a Federal,

State, or local public health service agency concerning individuals who have contracted

certain communicable diseases or conditions in an effort to prevent further outbreak of

the disease or condition;

b. To disclose information to the appropriate Federal, State, or local agency

responsible for investigation of an accident, disease, medical condition, or injury as

required by pertinent legal authority;

c. To disclose information to the Office of Workers' Compensation Programs in

connection with a claim for benefits filed by an employee;

d. To Health Center staff and medical personnel under a contract or agreement

with NRC who need the information in order to schedule, conduct, evaluate, or follow up

74 on physical examinations, tests, emergency treatments, or other medical and health care

services;

e. To refer information to private physicians designated by the individual when

requested in writing;

f. To the National Archives and Records Administration or to the General

Services Administration for records management inspections conducted under 44 U.S.C.

2904 and 2906;

g. A record from this system of record s which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

h. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

i. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

j. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

75 tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

k. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

l. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

m. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

n. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

76 (including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored in file folders, on electronic media, and on file cards, logs, x-

rays, and other medical reports and forms.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by the individuals name, date of birth, and social security

number, or any combination of those identifiers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Clinic Scheduling Records are retained under the National Archives and Records

Administrations General Records Schedule 2.7: Employee Health and Safety Records,

item 010. Destroy when 3 years old, but longer retention is authorized if required for

business use. Short-term occupational individual medical case files are retained under

General Records Schedule 2.7, item 061. Destroy 1 year after employee separation or

transfer. Individual employee health case files created prior to establishment of the

Employee Medical File system in 1986 ar e retained under General Records Schedule

2.7, item 062. Destroy 60 years after retire ment to the NARA records storage facility.

Non-occupational individual medical case files are retained under General Records

Schedule 2.7, item 070. Destroy 10 years after the most recent encounter, but longer

retention is authorized if needed for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in the primary system are maintained in a building where access is

controlled by a security guard force and entry to each floor is controlled by keycard.

Records in the system are maintained in lockable file cabinets with access limited to

agency or contractor personnel whose duties require access. The records are under

77 visual control during duty hours. Access to automated data requires use of proper

password and user identification codes by authorized personnel.

RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001; comply with the procedures contained in NRCs Privacy

Act regulations, 10 CFR part 9; and provide their full name, any former name(s), date of

birth, and Social Security number.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

SYSTEM NAME AND NUMBER:

Employee Fitness Center RecordsNRC 44.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemFitness Center, NRC, Two White Flint North, 11545 Rockville

Pike, Rockville, Maryland.

SYSTEM MANAGER(S):

Office of Chief Human Capital Officer C ontracting Officer Representative, Office

of the Chief Human Capital Officer, U.S. Nuclear Regulatory Commission, Washington,

78 DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 7901; Executive Order (E.O.) 9397, as amended by E.O. 13478.

PURPOSE(S) OF THE SYSTEM:

Maintaining membership for the NRC Fitness Center.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

NRC employees who apply for membership at the Fitness Center, including

current and former members.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system includes applications to participate in NRCs Fitness Center,

information on an individuals degree of physical fitness and their fitness activities and

goals; and various forms, memoranda, and correspondence related to Fitness Facilities

membership and financial/payment matters. Specific information contained in the

application for membership includes the employee applicant's name, gender, age, badge

id, height, weight, and medical information, including a history of certain medical

conditions; the name of the individual's pers onal physician and any prescription or over-

the-counter drugs taken on a regular basis; and the name and address of a person to be

notified in case of emergency.

RECORD SOURCE CATEGORIES:

Information in this system of records is principally obtained from the subject

individual. Other sources of information include, but are not limited to, the NRC Fitness

Center Director, staff physicians retained by the NRC, and the individuals personal

physicians.

79 ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the subject individual if the disclosure is compatible with the

purpose for which the record was collected under the following routine uses:

a. To the individual listed as an emergency contact, in the event of an

emergency;

b. To the National Archives and Records Administration or to the General

Services Administration for records management inspections conducted under 44 U.S.C.

2904 or 2906;

c. A record from this system of records which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

d. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

e. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

80 security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

f. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

settlement negotiations;

g. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

h. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

i. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

j. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

81 from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on paper and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information is indexed and accessed by an individuals name and/or NRC Badge

ID number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS

Fitness Center records are retained according to the National Archives and

Records Administrations General Records Schedule 2.7: Employee Health and Safety

Records, item 080, Non-occupational health and wellness program records. Destroy 3

years after the project/activity or transaction is completed or superseded, but longer

retention is authorized if needed for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are maintained in a building where access is controlled by a security

guard force. Access to the Fitness Center is controlled by keycard and bar code

verification. Records in paper form are st ored alphabetically by individuals names in

lockable file cabinets maintained in the NRC where access to the records is limited to

agency and Fitness Center personnel whose duties require access. The records are

under visual control during duty hours. Automated records are protected by screen

saver. Access to automated data requires use of proper password and user identification

codes. Only authorized personnel have access to areas in which information is stored.

82 RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

DISCLOSURES TO CONSUMER REPORTING AGENCIES:

Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of information to a

consumer reporting agency are not considered a routine use of records. Disclosures

may be made from this system to consumer reporting agencies as defined in the Fair

Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966,

as amended (31 U.S.C. 3701(a)(3)).

SYSTEM NAME AND NUMBER:

Electronic Credentials for Personal Identity Verification-NRC 45.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Primary systemOffice of the Chief Information Officer, NRC, White Flint North

Complex, 11555 Rockville Pike, Rockville, Maryland, and current contractor facility.

83 Duplicate system-Duplicate systems may exist, in whole or in part, at the

locations listed in Addendum I, Part 2.

SYSTEM MANAGER(S):

Director, Solutions Development and Operations Division, Office of the Chief

Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301; 42 U.S.C. 2165 and 2201(i); 44 U.S.C. 3501, 3504; Electronic

Government Act of 2002, 44 U.S.C. chapter 36; Homeland Security Presidential

Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal

Employees and Contractors, August 27, 2004; Executive Order (E.O.) 9397, as

amended by E.O. 13478.

PURPOSE(S) OF THE SYSTEM:

Track and control PIV cards issued to persons entering and exiting the NRC

facilities or using NRC systems; and verify that all person entering federal facilities, using

Federal information resources, are authorized to do so.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered are persons who have applied for the issuance of electronic

credentials for signature, encryption, and/or authentication purposes; have had their

credentials renewed, replaced, suspended, revoked, or denied; have used their

credentials to electronically make contact wi th, retrieve information from, or submit

information to an automated information sy stem; or have corresponded with NRC or its

contractor concerning digital services.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system contains information needed to establish and verify the identity of

users, to maintain the system, and to establish accountability and audit controls. System

84 records may include: (a) applications for the issuance, amendment, renewal,

replacement, or revocation of electronic credentials, including evidence provided by

applicants or proof of identity and authority, and sources used to verify an applicant's

identity and authority; (b) credentials issued; (c) credentials denied, suspended, or

revoked, including reasons for denial, suspension, or revocation; (d) a list of currently

valid credentials; (e) a list of currently invalid credentials; (f) a record of validation

transactions attempted with electronic credentials; and (g) a record of validation

transactions completed with electronic credentials.

RECORD SOURCE CATEGORIES:

The sources for information are the individuals who apply for electronic

credentials, the NRC and contractors using multiple sources to verify identities, and

internal system transactions designed to gather and maintain data needed to manage

and evaluate the electronic credentials program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the disclosures permitted under subsection (b) of the Privacy Act,

the NRC may disclose information contained in this system of records without the

consent of the subject individual if the disclosure is compatible with the purpose for

which the record was collected under the following routine uses:

a. To agency electronic credential program contractors to compile and maintain

documentation on applicants for verifying applicants' identity and authority to access

information system applications; to establish and maintain documentation on information

sources for verifying applicants' identities; to ensure proper management, data accuracy,

and evaluation of the system;

b. To Federal authorities to determine the validity of subscriber digital certificates

85 and other identity attributes;

c. To the National Archives and Records Administration (NARA) for records

management purposes;

d. To a public data repository (only name, e-mail address, organization, and

public key) to facilitate secure communications using digital certificates;

e. A record from this system of record s which indicates a violation of civil or

criminal law, regulation or order may be referred as a routine use to a Federal, State,

local or foreign agency that has authority to investigate, enforce, implement or prosecute

such laws. Further, a record from this system of records may be disclosed for civil or

criminal law or regulatory enforcement purposes to another agency in response to a

written request from that agencys head or an official who has been delegated such

authority;

f. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency to obtain information relevant to an NRC decision

concerning hiring or retaining an employee, letting a contract, or issuing a security

clearance, license, grant or other benefit;

g. A record from this system of records may be disclosed as a routine use to a

Federal, State, local, or foreign agency requesting a record that is relevant and

necessary to its decision on a matter of hiring or retaining an employee, issuing a

security clearance, reporting an investigation of an employee, letting a contract, or

issuing a license, grant, or other benefit;

h. A record from this system of records may be disclosed as a routine use in the

course of discovery; in presenting evidenc e to a court, magistrate, administrative

tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative

dispute resolution proceedings, such as arbitration or mediation; or in the course of

86 settlement negotiations;

i. A record from this system of records may be disclosed as a routine use to a

Congressional office from the record of an individual in response to an inquiry from the

Congressional office made at the request of that individual;

j. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for a purpose within the scope of the pertinent NRC task. This access will

be granted to an NRC contractor or employee of such contractor by a system manager

only after satisfactory justification has been provided to the system manager;

k. A record from this system of records may be disclosed as a routine use to

appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed

that there has been a breach of the system of records, (2) NRC has determined that as a

result of the suspected or confirmed breach there is a risk of harm to individuals, NRC

(including its information systems, programs, and operations), the Federal Government,

or national security; and (3) the disclosure made to such agencies, entities, and persons

is reasonably necessary to assist in connection with NRC efforts to respond to the

suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

l. A record from this system of records may be disclosed as a routine use to

another Federal agency or Federal entity, when the NRC determines that information

from this system of records is reasonably necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

87 POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored electronically or on paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrievable by an individuals name, e-mail address, certificate

status, certificate number or credential number, certificate issuance date, or approval

role.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained under the National Archives and Records Administrations,

General Records Schedule 5.6: Security Records. Application and activation records for

personal identification credentials and cards are retained under General Records

Schedule 5.6, item 120. Destroy 6 years after the end of an employee or contractors

tenure, but longer retention is authorized if required for business use. Personnel

identification cards are retained under General Records Schedule 5.6, item 121. Destroy

after expiration, confiscation, or return. Local facility identification and card access

records are retained under General Records Schedule 5.6, item 130. Destroy upon

immediate collection once the temporary credential or card is returned for potential

reissuance due to nearing expiration or not to exceed 6 months from time of issuance or

when individual no longer requires access, whichever is sooner, but longer retention is

authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Technical, administrative, and personnel security measures are implemented to

ensure confidentiality, integrity, and availability of the system data stored, processed,

and transmitted. Hard copy documents are maintained in locking file cabinets. Electronic

records are, at a minimum, password protected. Access to and use of these records is

limited to those individuals whose official duties require access.

88 RECORD ACCESS PROCEDURES:

Same as Notification procedures.

CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Freedom of Information Act or Privacy Act

Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with the procedures contained in NRCs

Privacy Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMS FOR THE SYSTEM:

None.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

Disclosure of system records to cons umer reporting systems is not permitted.

SYSTEM NAME AND NUMBER:

Health Emergency RecordsNRC 46.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Headquarters, 11555 Rockville Pike, Rockville, Maryland. Records may be

maintained at all locations at which the NRC, or contractors on behalf of the NRC,

operate or at which NRC operations are supported.

SYSTEM MANAGER(S):

Chief Human Capital Officer, Office of the Chief Human Capital Officer, U.S.

Nuclear Regulatory Commission, Washington, DC 20555-0001.

89 AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Workforce safety Federal requirements, which include: the Occupational Safety

and Health Act of 1970; Executive Order 12196; and 5 U.S.C. 7902, Safety programs.

Federal laws that authorize the NRC to create and maintain Federal records of agency

activities, which include: 44 U.S.C. 3101; the Religious Freedom Restoration Act of

1933, 42 U.S.C. Chapter 21B; Title VII of the Civil Rights Act of 1964, as amended, 42

U.S.C. 2000e; and the Rehabilitation Act of 1973, as amended, 29 U.S.C. 701 et seq.

Authorities addressing the federal governments preparation for, and response to, public

health threats, including the PREVENT Pandemics Act, 42 U.S.C. § 300hh-3; and

Executive Order 13987, Organizing and Mobilizing the United States Government to

Provide a Unified and Effective Response to Combat COVID-19 and to Provide United

States Leadership on Global Health and Security.

PURPOSE(S) OF THE SYSTEM:

Maintaining records necessary and relevant to NRC activities responding to and

mitigating high-consequence public health threats. Records may include, but are not

limited to, those applicable health related records needed to understand the impact of an

illness or disease on the NRC workforce or to assist the NRC in protecting its workforce

from a declared public health emergency, pandemic, or other high-consequence public

health threat, including records submitted by NRC personnel or by the lawful

representative of such personnel.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

NRC's employees.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records maintained in this system may include:

A. Full name, NRC employee ID number; telephone number, worksite, email

90 address, supervisor's name, address and contact information.

C. Other information about the individual directly related to the disease or illness

(e.g., testing results/information, symptoms, treatments, source of exposure, or other

applicable health related information).

D. Appointment scheduling information, including the date, time, and location of a

scheduled appointment.

E. Medical screening information, including the individual's name, date of birth,

age, category of employment, current medica l status, related medical history, and any

relevant medical history.

RECORD SOURCE CATEGORIES:

Records may be obtained from NRC employees or their representative who may

provide relevant information on a suspected or confirmed disease or illness, or the

prevention of such disease or illness, which is the subject of a high-consequence public

health threat.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING

CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the other types of disclosures permitted under subsection (b) of the

Privacy Act, the NRC may disclose information contained in this system of records

without the consent of the persons or entities mentioned herein if the disclosure is

compatible with the purpose for which the record was collected under the following

routine uses:

A. To appropriate medical facilities, or Federal, State, local, Tribal, territorial or

foreign government agencies, to the extent permitted by law, for the purpose of

protecting the vital interests of individual(s), including to assist the United States

Government in responding to or mitigating high-consequence public health threats.

91 B. To determine eligibility for access to NRC buildings, NRC licensee facilities or

sites, or other Federal facilities.

C. To provide licensees information needed for unescorted access or access to

the licensee's facility(s).

D. Where a record, either alone or in conjunction with other information, indicates

a violation or potential violation of lawcriminal, civil, or regulatory in naturethe

relevant records may be referred to the appropriate Federal, State, local, territorial,

Tribal, or foreign law enforcement authority or other appropriate entity charged with the

responsibility for investigating or prosecuting such violation or charged with enforcing or

implementing such law.

E. In an appropriate proceeding before a court, grand jury, or administrative or

adjudicative body, when the NRC determines that the records are arguably relevant to

its proceeding; or in an appropriate proceeding before an administrative or adjudicative

body when the adjudicator determines the records to be relevant to the proceeding.

F. To contractors, grantees, experts, consultants, students, and others

performing or working on a contract, service, grant, cooperative agreement, or other

assignment for the Federal Government, when necessary to accomplish an NRC

function related to this system of records.

G. A record on an employee from this system of records may be disclosed as a

routine use to a Federal, State, local, territorial, Tribal, or foreign agency requesting a

record that is relevant and necessary to its decision on a matter of hiring or retaining an

employee, issuing a security clearance, reporting an investigation of that individual,

letting a contract, or issuing a license, grant, or other benefit.

H. A record on an employee from this system of records may be disclosed as a

routine use to a Congressional office in response to an inquiry from the Congressional

92 office made at the request of that individual.

I. To the National Archives and Records Administration for purposes of records

management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

J. To appropriate agencies, entities, and persons when (1) the NRC suspects or

has confirmed that there has been a breach of the system of records. (2) the NRC has

determined that as a result of the suspected or confirmed breach there is a risk of harm

to an individual(s), the NRC (including its information systems, programs, and

operations), the Federal Government, or national security; and (3) the disclosure made

to such agencies, entities, and persons is reasonably necessary to assist in connection

with the NRC's efforts to respond to the suspected or confirmed breach or to prevent,

minimize, or remedy such harm.

K. To another Federal agency or Federal entity, when the NRC determines that

information from this system of records is necessary to assist the recipient agency or

entity in (1) responding to a suspected or confirmed breach, or (2) preventing,

minimizing, or remedying the risk of harm to individuals, the recipient agency or entity

(including its information systems, programs, and operations), the Federal Government,

or national security, resulting from a suspected or confirmed breach.

L. To any agency, organization, or individual for the purpose of performing

authorized audit or oversight operations of the NRC and meeting related reporting

requirements.

M. To such recipients and under such circumstances and procedures as are

mandated by Federal statute or treaty.

N. A record from this system of records may be disclosed as a routine use to

NRC-paid experts or consultants, and those under contract with the NRC on a need-to-

know basis for purpose within the scope of the pertinent NRC task. This access will be

93 granted to an NRC contractor or employee of such contractor by a system manager only

after satisfactory justification has been provided to the system manager.

O. To a Federal agency employee, expert, consultant, or contractor in performing

a Federal duty for purposes of authorizing, arranging, and/or claiming reimbursement for

official travel, including, but not limit ed to, traveler profile information.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

All records in this system of records are maintained and in compliance with

applicable executive orders, statutes, and agency implementing recommendations.

Electronic records are stored in databases. Paper records are maintained in a secure,

access-controlled room, with access limited to authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records will be retrieved by any of the categories of records, including name,

location, date of applicable health information, or work status.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

To the extent applicable, to ensure compliance with Americans with Disabilities

Act, the Rehabilitation Act, and the Genetic Information Nondiscrimination Act of 2008,

medical information must be maintained on separate forms and in separate medical

files and be treated as a confidential medical record. 42 U.S.C. 12112(d)(3)(B);

42 U.S.C. sec 2000ff-5(a); 29 CFR 1630.14(b)(1), (c)(1),(d)(4)(i); and 29 CFR 1635.9(a).

This means that medical information and documents must be stored separately from

other personnel records. As such, the NRC must keep medical records for at least 1

year from creation date. 29 CFR 1602.14. Further, records compiled under this system

of records notice will be maintained in accordance with the National Archives and

Records Administration General Records Schedule (GRS) 2.7, Employee Health and

Safety Records, Items 010, 070, or 080 to the extent applicable.

94 GRS 2.7 item 010 (DAA-GRS-2017-0010-0001)Clinic scheduling records.

Temporary. Destroy when 3 years old, but longer retention is authorized if needed for

business use.

GRS 2.7 item 070 (DAA-GRS-2017-0010-0012)Non-occupational individual

case files. Temporary. Destroy 10 years after the most recent encounter, but longer

retention is authorized if needed for business use.

GRS 2.7 item 080 (DAA-GRS-2017-0010-0013)Non-occupational health and

wellness program records. Temporary. Destroy 3 years after the project/activity/or

transaction is completed or superseded, but longer retention is authorized if needed for

business use.

GRS 2.7 item 063 (DAA-GRS-2021-0003-0001)Vaccination attestations and

proof of vaccination records. Federal employees and contractors. Temporary. Destroy

when 3 years old.

GRS 2.7 item 064 (DAA-GRS-2021-0003-0002)Vaccination attestations and

proof of vaccination records. Visitors. Temporary. Destroy when 30 days old.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The NRC safeguards records in this system according to applicable rules and

polices, including all applicable NRC automat ed systems security and access policies.

The NRC has imposed controls to minimize the risk of compromising the information that

is being stored. Users of individual computers can only gain access to the data by valid

user identification and password. Paper records are maintained in a secure, access-

controlled room, with access limited to authorized personnel.

RECORDS ACCESS PROCEDURES:

Same as Notification procedures.

95 CONTESTING RECORD PROCEDURES:

Same as Notification procedures.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains

information about them should write to the Free dom of Information Act Officer or Privacy

Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,

Washington, DC 20555-0001, and comply with procedures contained in NRC's Privacy

Act regulations, 10 CFR part 9.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

HISTORY:

None.

96 Addendum IList of U.S. Nuclear Regulatory Commission Locations

Part 1NRC Headquarters Offices

1. One White Flint North, 11555 Rockville Pike, Rockville, Maryland.
2. Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.
3. Three White Flint North, 11601 Landsdown Street, North Bethesda, MD

Part 2NRC Regional Offices

1. NRC Region I, 475 Allendale Road, Suite 102, King of Prussia, Pennsylvania.
2. NRC Region II, Marquis One Tower, 245 Peachtree Center Avenue N.E., Suite

1200, Atlanta, Georgia.

3. NRC Region III, 2443 Warrenville Road, Suite 210, Lisle, Illinois.
4. NRC Region IV, 1600 East Lamar Boulevard, Arlington, Texas.
5. NRC Technical Training Center, Osborne Office Center, 5746 Marlin Road, Suite

200, Chattanooga, Tennessee.

97