RIS 2007-04, PII Submitted to the NRC

UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

OFFICE OF NUCLEAR MATERIAL SAFETY AND SAFEGUARDS

OFFICE OF FEDERAL AND STATE MATERIALS AND ENVIRONMENTAL MANAGEMENT

PROGRAMS

WASHINGTON, DC 20555-0001 March 9, 2007 NRC REGULATORY ISSUE SUMMARY 2007-04 PERSONALLY IDENTIFIABLE INFORMATION SUBMITTED TO

THE U.S. NUCLEAR REGULATORY COMMISSION

ADDRESSEES

All holders of operating licenses for nuclear power reactors and holders of and applicants for certificates for reactor designs. All licensees, certificate holders, applicants, and other entities subject to regulation by the U.S. Nuclear Regulatory Commission (NRC) of the use of source, byproduct, and special nuclear material.

INTENT

NRC is issuing this regulatory issue summary (RIS) to inform addressees that they should clearly identify documents submitted to NRC as sensitive if they contain any personally identifiable information (PII). This RIS requires no action or written response on the part of an addressee.

BACKGROUND INFORMATION

NRC has initiated improvements related to the protection of PII. These improvements are based on Office of Management and Budgets (OMBs) June 23, 2006, memorandum (M-06-

16), Protection of Sensitive Agency Information. NRC also noted the recent, inadvertent disclosures of PII in both the private sector and the Federal Government, and the increased reports of stolen or missing Government-owned laptop computers containing PII. As a result, on September 29, 2006, the Director, Office of Information Services (OIS), established a task force to review the use of Social Security numbers (SSNs) in NRC forms and evaluate methods to minimize the collection of PII by refining the agencys policies and procedures. This task force will raise staff awareness of PII issues, review and update NRC guidance to reflect OMBs recommendations, and assist program offices in identifying current data containing PII. The task force recommendations may minimize the need for stakeholders to submit PII in the future.

NRC will coordinate with its contractors to ensure that they also properly protect PII. With this RIS, NRC is reaching out to permit holders and licensees to enhance their awareness of the sensitivity of PII and the need to protect it from inappropriate (i.e., public) disclosure.

SUMMARY OF ISSUE

PII is information that (a) can be used to identify or contact a person uniquely and reliably or (b) can be traced back to a specific individual (i.e., a persons name in conjunction with any of the following information: relatives names, postal address, home e-mail address, home or cellular telephone number, personal characteristics, SSN, date or place of birth, mothers maiden name, drivers license number, bank account information, credit card information, or any information that would make the individuals identity easily traceable).

The loss of PII can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information. Protecting PII is a shared responsibility. Therefore, the information provided in this RIS should receive the widest possible distribution in order to promote awareness of privacy and security responsibilities.

Title 10 of the Code of Federal Regulations (10 CFR) Section 2.390(a)(6) provides the necessary tools to preclude disclosure of PII.

VOLUNTARY ACTION

Addressees

are reminded that any documents submitted to NRC that contain PII should be clearly identified as containing sensitive information in accordance with 10 CFR 2.390 so that these documents will not be placed in the Publicly Available Records System.

PII is deemed personal privacy information. If it is necessary to include PII in a submitted document, the submitters should mark the document to indicate the presence of PII as follows:

The cover letter should clearly state that the attached documents contain PII. When separated from the attached documents, if the cover letter itself does not contain PII,

the cover letter itself is uncontrolled.

As shown on the enclosed diagram, the top of every page of a letter or document that contains PII should include the marking Personally Identifiable Information Withhold Under 10 CFR 2.390. For the pages containing PII, an additional parenthetical marking of (PII) should be placed adjacent to each paragraph containing PII.

VOLUNTARY RESPONSE

Any action on the part of addressees to identify and mark PII in accordance with the guidance contained in this RIS is strictly voluntary.

BACKFIT DISCUSSION

This RIS requires no action or written response and is, therefore, not a backfit under NRC

regulation. Consequently, the staff did not perform a backfit analysis.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment on this RIS was not published in the Federal Register because it is informational and does not represent a departure from current regulatory requirements and practice.

CONGRESSIONAL REVIEW ACT

This RIS is not a rule as designated by the Congressional Review Act (5 U.S.C. § 801-808)

and, therefore, is not subject to the Act.

PAPERWORK REDUCTION ACT STATEMENT

This RIS does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

CONTACT

Please direct any questions about this matter to the technical contact or the Division Directors listed below, or to the appropriate Office of Nuclear Reactor Regulation project manager.

/RA by HNieh for/

/RA/

Michael J. Case, Director Janet R. Schlueter, Director Division of Policy and Rulemaking Division of Materials Safety and State Office of Nuclear Reactor Regulations Agreements Office of Federal and State Materials and Environmental Programs

Technical Contact:

Russell A. Nichols, OIS

301-415-6874 E-mail: ran2@nrc.gov Enclosures:

1. Suggested Marking Diagram for Documents Containing Personally Identifiable Information Withheld Under 10 CFR 2.390

2. Recently Issued FSME/NMSS Generic Communications List Note: NRC generic communications may be found on the NRC Public Web site, http://www.nrc.gov, under the Electronic Reading Room/Document Collections.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment on this RIS was not published in the Federal Register because it is informational and does not represent a departure from current regulatory requirements and practice.

CONGRESSIONAL REVIEW ACT

This RIS is not a rule as designated by the Congressional Review Act (5 U.S.C. § 801-808)

and, therefore, is not subject to the Act.

PAPERWORK REDUCTION ACT STATEMENT

This RIS does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

CONTACT

Please direct any questions about this matter to the technical contact or the Division Directors listed below, or to the appropriate Office of Nuclear Reactor Regulation (NRR) project manager.

/RA by HNieh for/

/RA/

Michael J. Case, Director Janet R. Schlueter, Director Division of Policy and Rulemaking Division of Materials Safety and State Office of Nuclear Reactor Regulations Agreements Office of Federal and State Materials and Environmental Programs

Technical Contact:

Russell A. Nichols, OIS

301-415-6874 E-mail: ran2@nrc.gov Enclosures:

1. Suggested Marking Diagram for Documents Containing Personally Identifiable Information Withheld Under 10 CFR 2.390

2. Recently Issued FSME/NMSS Generic Communications List Note: NRC generic communications may be found on the NRC Public Web site, http://www.nrc.gov, under the Electronic Reading Room/Document Collections.

Accession Number: ML063470597 OFFICE

RFPSB

Tech Editor TL:RFPSB

BC:RFPSB

D:IRSD

NAME

DSealing HChang RNichols MJanney JMGolder for JLinehan DATE

02/01/07

02/01/07

02/01/07

02/01/07

02/02/07 OFFICE

D:DORL:NRR

D:FCSS:NMSS

D:SFST:NMSS

D:HLWRS:NMSS

D:WMEP:FSME

NAME

JLubinski for CHaney RPierson WBrach LKokajko LCamper DATE

02/15/07

02/05/07

02/14/07

02/06/07

02/06/07 OFFICE

D:ILR:FSME

OE

OGC (NLO)

OGC (CRA)

PMAS:NRR

NAME

JLuehmen for DRathbun SBogle/RRossi NSanchez NSanchez JHarves DATE

02/07/07

02/09/07

02/15/07

02/15/07

02/06/07 OFFICE

OIS

LA:PGCB

PGCB

BC:PGCB

D:MSSA:FSME

NAME

CColburn CHawes CMH

AMarkley CJackson JSchlueter DATE

03/07/07

3/7/07

3/7/07

03/07/07

03/09/07 OFFICE

D:DPR:NRR

NAME

HNieh for MCase DATE

03/09/07

Personally Identifiable Information Withhold Under 10 CFR 2.390

Subject XXXXXXXXXXXX

XXXXXXXXXXXX

XXXXXXXXXXXX

XXX

(PII) XXXXXXXXX

XXXXXXXXXXXX

XXXXXXXXX

(PII)

SUGGESTED MARKING DIAGRAM FOR

DOCUMENTS CONTAINING PERSONALLY IDENTIFIABLE INFORMATION

WITHHELD UNDER 10 CFR 2.390

Enclosure 1 RIS-2007-04 This enclosure provides information on suggested markings for pages of a document that contain personally identifiable information (PII).

Page Markings Mark the top of every page of a document that contains PII.

Ensure that the subject line does not contain PII.

Include an additional parenthetical marking of (PII) adjacent to each paragraph containing PII.

Note that a cover letter should clearly state that the attached documents contain PII. Only mark the cover letter if the letter itself contains PII.

Enclosure 2 Recently Issued FSME/NMSS Generic Communications Date GC No.

Subject

Addressees

02/02/07 IN-07-03 Reportable Medical Events Involving Patients Receiving Dosages of Sodium Iodide Iodine-131 less than the Prescribed Dosage Because of Capsules Remaining in Vials after Administration All U.S. Nuclear Regulatory Commission (NRC) medical use licensees and NRC

Master Materials Licensees. All Agreement State Radiation Control Program Directors and State Liaison Officers.

02/28/07 IN-07-03 Potential Vulnerabilities of Time- reliant Computer-based Systems Due to Change in Daylight Saving Time Dates All U. S. Nuclear Regulatory Commission (NRC) licensees and all Agreement State Radiation Control Program Directors and State Liaison Officers.

03/01/07 RIS-07-03 Ionizing Radiation Warning Symbol All U.S. Nuclear Regulatory Commission (NRC) licensees and certificate holders. All Radiation Control Program Directors and State Liaison Officers Note: NRC generic communications may be found on the NRC public website at http://www.nrc.gov, under Electronic Reading Room/Document Collections.