Privacy Act of 1974; System of Records

Issuing agencies

Abstract

As required by the Privacy Act of 1974 and the Office of Management and Budget (OMB) Circulars A-108 and A-130, the Department of Energy (DOE or the Department) is publishing notice of a newly established Privacy Act system of records. DOE proposes to establish System of Records DOE-85 Research, Technology, and Economic Security (RTES) Due Diligence Review Records as part of the Department's implementation of Government-wide and Departmental RTES requirements included in National Security Presidential Memorandum-33 (NSPM-33), the CHIPS and Science Act, and other laws or Executive orders related to research security. Records in this system are maintained and used by the Department to track and monitor research, technology, and economic security risk assessments associated with the projects for which the Department receives applications, proposals, and submissions for research, development, deployment, demonstrations, commercialization, and scientific activities, and Departmental laboratories and facilities performing such activities, as well as certain high-risk non-scientific and non-research and development activities and for projects DOE otherwise is or is considering supporting.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 175 (Tuesday, September 10, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 175 (Tuesday, September 10, 2024)]
[Notices]
[Pages 73399-73402]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-20376]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY


Privacy Act of 1974; System of Records

AGENCY: U.S. Department of Energy.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974 and the Office of 
Management and Budget (OMB) Circulars A-108 and A-130, the Department 
of Energy (DOE or the Department) is publishing notice of a newly 
established Privacy Act system of records. DOE proposes to establish 
System of Records DOE-85 Research, Technology, and Economic Security 
(RTES) Due Diligence Review Records as part of the Department's 
implementation of Government-wide and Departmental RTES requirements 
included in National Security Presidential Memorandum-33 (NSPM-33), the 
CHIPS and Science Act, and other laws or Executive orders related to 
research security. Records in this system are maintained and used by 
the Department to track and monitor research, technology, and economic 
security risk assessments associated with the projects for which the 
Department receives applications, proposals, and submissions for 
research, development, deployment, demonstrations, commercialization, 
and scientific activities, and Departmental laboratories and facilities 
performing such activities, as well as certain high-risk non-scientific 
and non-research and development activities and for projects DOE 
otherwise is or is considering supporting.

DATES: This new System of Records Notice (SORN) will become applicable 
following the end of the public comment period on October 9, 2024, 
unless comments are received that result in a contrary determination.

ADDRESSES: Written comments should be sent to the DOE Desk Officer, 
Office of Information and Regulatory Affairs, Office of Management and 
Budget, New Executive Office Building, Room 10102, 735 17th Street NW, 
Washington, DC 20503 and to Ken Hunt, Chief Privacy Officer, U.S. 
Department of Energy, 1000 Independence Avenue SW, Rm. 8H-085, 
Washington, DC 20585, by facsimile at (202) 586-8151, or by email at 
<a href="/cdn-cgi/l/email-protection#6a1a18031c0b09132a021b440e050f440d051c"><span class="__cf_email__" data-cfemail="6d1d1f041b0c0e142d051c43090208430a021b">[email&#160;protected]</span></a>.

FOR FURTHER INFORMATION CONTACT: Ken Hunt, Chief Privacy Officer, U.S. 
Department of Energy, 1000 Independence Avenue SW, Rm 8H-085, 
Washington, DC 20585, or by facsimile at (202) 586-8151, by email at 
<a href="/cdn-cgi/l/email-protection#90e0e2f9e6f1f3e9d0f8e1bef4fff5bef7ffe6"><span class="__cf_email__" data-cfemail="59292b302f383a20193128773d363c773e362f">[email&#160;protected]</span></a>, or by telephone at (240) 686-9485.

SUPPLEMENTARY INFORMATION: DOE proposes to establish System of Records 
DOE-85 Research, Technology, and Economic Security (RTES) Due Diligence 
Review Records. Records in this system are maintained and used by the 
Department to track and monitor research, technology, and economic 
security risk assessments associated with the projects for which the 
Department receives applications, proposals, and submissions for 
research, development, deployment, demonstrations, commercialization, 
and scientific activities, and Departmental laboratories and facilities 
performing such activities, as well as certain non-scientific and non-
research and development activities and for projects DOE/National 
Nuclear Security Administration (NNSA) is considering supporting.
    RTES requirements applicable to financial assistance agreements 
will be implemented through DOE/NNSA financial assistance policies, 
funding opportunity announcements, and award terms and conditions. RTES 
requirements applicable to Departmental laboratories and facilities 
will be implemented through Departmental policies, directives, and DOE/
NNSA laboratory prime contract requirements. Section 10637 of the 
Research and Development, Competition, and Innovation Act (Pub. L. 117-
167), part of the CHIPS and Science Act, provides that Federal agencies 
must ``ensure that policies and activities developed and implemented 
pursuant to [the Act's research security requirements] are carried out 
in a manner that does not target, stigmatize, or discriminate against 
individuals on the basis of race, ethnicity, or national origin, 
consistent with title VI of the Civil Rights Act of 1964 (42 U.S.C. 
2000d et seq.).''

SYSTEM NAME AND NUMBER:
    DOE-85 Research, Technology, and Economic Security (RTES) Due 
Diligence Review Records.

SECURITY CLASSIFICATION:
    Both classified and unclassified.

SYSTEM LOCATION:
    Systems leveraging this SORN may exist in multiple locations. All 
systems storing records in a cloud-based server are required to use 
government-approved cloud services and follow National Institute of 
Standards and Technology (NIST) security and privacy standards for 
access and data retention. Records maintained in a government-approved 
cloud server are accessed through secure data centers in the 
continental United States.
    U.S. Department of Energy Headquarters, 1000 Independence Avenue 
SW, Washington, DC 20585.

SYSTEM MANAGER:
    Director, Office of Research, Technology, and Economic Security 
(RTES). U.S. Department of Energy Headquarters, 1000 Independence 
Avenue SW, Washington, DC 20585.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 7101 et seq.; 50 U.S.C. 2401 et seq.; The Atomic Energy 
Act of 1954 (Pub. L. 83-303), as amended (42 U.S.C. 2011 et seq.), 
sections 31, 32, and 33; The Economy Act of 1932, 31 U.S.C. 1535; 
Presidential Memorandum on United States Government-Supported Research 
and Development National Security Policy 33 (NSPM-33); Research and 
Development, Competition, and Innovation Act, Div. B of the CHIPS and 
Science Act (42 U.S.C. 18912, 19231-19237; Pub. L. 117-167); National 
Defense Authorization Act for Fiscal Year 2021 (42 U.S.C. 6605; Pub. L. 
116-283); National Defense Authorization Act for Fiscal Year 2020 (42 
U.S.C. 6601 note; Pub. L. 116-92); the SBIR and STTR Extension Act of 
2022 (15 U.S.C. 638(vv); Pub. L. 117-183); DOE Order 486.1A, Foreign 
Government Sponsored or Affiliated Activities; DOE Policy 485.1A, 
Foreign Engagements with DOE National Laboratories; OMB Memorandum M-
19-16, Centralized Mission Support Capabilities for the Federal 
Government (April 26, 2019); Federal Grant and Cooperative Agreement 
Act of 1977 (Pub. L. 95-224); Grants Oversight and New Efficiency Act 
of 2016 (Pub. L. 114-117); Digital Accountability and Transparency Act 
of 2014 (Pub. L. 113-101); Federal Funding Accountability and 
Transparency Act of 2006 (Pub. L. 109-282); Lobbying Disclosure Act of 
1995 (Pub. L. 104-65); Single Audit Act (1984) (Pub. L. 98-502); 
Uniform Administrative Requirements, Cost Principles, and Audit 
Requirements for Federal Awards, 2 CFR part 200.

[[Page 73400]]

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to enhance DOE's capabilities to 
aggregate, link, analyze and maintain information used by the 
Department to assess research, technology, and economic security (RTES) 
risk. RTES risks may include risk of foreign government interference 
and exploitation, intellectual property (IP) loss, national security 
risk, conflicts of interest, and conflicts of commitment, and other 
parameters defined in DOE/NNSA policy. The RTES analysis builds on pre-
existing information provided by individuals and organizations that 
interact with DOE/NNSA, paired with public records (see categories of 
records), and in some cases, classified information. Consistent with 
NSPM-33, applicable law, and existing DOE/NNSA policies, the system 
records may be shared as appropriate with other Federal funding 
agencies and internally within DOE/NNSA to help ensure a coordinated 
and consistent approach to risk assessment.
    Information collected in this system may be utilized for the 
following purposes:
    1. To identify inconsistencies in information reported by 
individuals to DOE/NNSA related to submitted proposals, terms and 
conditions, and project reports of a DOE/NNSA award or other activity. 
An example of inconsistencies could include undisclosed current and 
pending research support or positions and appointments.
    2. To conduct due diligence and RTES risk assessments established 
according to guidelines (e.g., risk matrices) and review processes to 
evaluate and manage research, development, deployment, demonstrations, 
commercialization, and scientific activities.
    3. To use RTES risk assessments to ensure that DOE/NNSA makes 
informed funding decisions including implementation of RTES risk 
mitigations as a condition of funding, if needed, to ensure that U.S. 
economic and national security interests are protected.
    4. To monitor and notify current and potential participants (i.e., 
recipients and applicants) in the subject DOE/NNSA research, 
development, deployment, demonstrations, commercialization, and 
scientific activities of unmanageable RTES risks and compliance with 
applicable RTES requirements and mitigations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Individuals who apply to (either directly or as part of an 
application submitted by an entity), participate in, or are supported 
by DOE/NNSA funding programs (e.g., financial assistance, Partnership 
Intermediary Agreements (PIAs), prize competitions, loans, and 
contracts). These individuals would include individuals designated by 
the applicant to direct the project (e.g., Principal Investigators, 
Program Directors), senior/key personnel, and other members of project 
teams. These individuals may also include DOE/NNSA contractor-operated 
and government-operated laboratory employees and laboratory partners. 
To inform the assessment of an entity's foreign ownership, control, and 
influence (FOCI), including FOCI related to foreign countries of 
concern, countries of risk, foreign entities of concern, entities of 
concern, or similar terms as defined in applicable laws or DOE/NNSA 
policies, the system includes information on individuals in a position 
to own, control or influence the entity (e.g., owners, directors, board 
members, and significant investors and shareholders), consistent with 
applicable requirements.
    2. Individuals who evaluate applications submitted to DOE/NNSA or 
DOE/NNSA-supported projects, either by submitting individual comments, 
or by serving on review panels or site visit teams, i.e., independent 
merit reviewers, peer reviewers and advisory committee and panel 
members.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Records related to application, negotiation, award, and 
reporting processes for financial assistance, PIA, loan application 
documents, records of financial assistance awards and contracts, 
financial data, Unique Entity Identifier (i.e., business/organization 
unique identifier), Taxpayer Identification Number (TIN), to include 
Employer Identification Number (EIN), persistent identifiers (e.g., 
Open Researcher and Contributor ID), demographic data, place of 
residency, location of business operation, citizenship status, academic 
and other reports, disclosures, and other deliverables, including 
resumes, curriculum vitae, and statements of current and pending 
support.
    2. Publication and patent information (including co-author and co-
inventor connections) will be obtained from third parties that compile 
related public information for commercial purposes. Such sources 
include, but are not limited to, Clarivate (Web of Science), Elsevier 
(Scopus), Dimensions, United States Patent and Trademark Office, Open 
Researcher and Contributor ID (ORCID), and Google Scholar.
    3. Job positions and titles obtained, as displayed in public 
platforms; undergraduate, graduate and postdoctoral training; academic, 
professional and institutional appointments.
    4. Risk reports; supporting documentation, records, and files; law 
enforcement records, reports and files; reports on foreign contacts, 
travel, and other security-related reporting requirements; records, 
reports and files received from other DOE elements and other Federal 
agencies; open-source, publicly available information compiled by 
commercial tools for risk management and compliance, sometimes referred 
to as ``Business Intelligence Tools''.
    5. Any other information provided by a participant in response to 
follow-up questions regarding potential inconsistencies in initial 
disclosures that may be needed for due diligence review of an 
application or similar instrument submitted to request DOE support 
(e.g., financial assistance, cooperative agreement, grant, prize, or 
loan) and of DOE-supported projects and activities.

RECORD SOURCE CATEGORIES:
    1. Applicant, recipient, awardee, subrecipient, borrower, 
evaluators, reviewers, project support personnel, financial assistance 
applications, cooperative agreement applications, prize applications, 
PIA, financial assistance or cooperative agreement reporting 
requirements, and loan application documents.
    2. The subject individual; publicly or commercially available 
material; other agencies within the Intelligence Community; other 
agencies within the U.S. Government, other offices within the DOE; the 
Federal Bureau of Investigation (FBI), and other Federal, State, and 
local law enforcement agencies; and sources contacted during the due 
diligence review process.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. A record from this system may be disclosed as a routine use to a 
Member of Congress submitting a request involving a constituent when 
the constituent has requested assistance from the member concerning the 
subject matter of the record. The Member of Congress must provide a 
copy of the constituent's signed request for assistance.

[[Page 73401]]

    2. A record from this system may be disclosed as a routine use to 
the appropriate local, Tribal, State, or Federal agency when records, 
alone or in conjunction with other information, indicate a violation or 
potential violation of law whether civil, criminal, or regulatory in 
nature, and whether arising by general statute or particular program 
pursuant thereto.
    3. A record from this system may be disclosed as a routine use for 
the purpose of an investigation, settlement of claims, or the 
preparation and conduct of litigation to (1) persons representing the 
Department in the investigation, settlement or litigation, and to 
individuals assisting in such representation; (2) others involved in 
the investigation, settlement, and litigation, and their 
representatives and individuals assisting those representatives; (3) 
witnesses, potential witnesses, or their representatives and 
assistants; and (4) any other persons who possess information 
pertaining to the matter when it is relevant and necessary to obtain 
information or testimony relevant to the matter.
    4. A record from this system may be disclosed as a routine use to a 
Federal, State, Tribal, or local agency to facilitate the requesting 
agency's decision concerning the hiring or retention of an employee, 
the issuance of a security clearance, the reporting of an investigation 
of an employee, the letting of a contract, or the issuance of a 
license, financial assistance, or other benefit, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter. The Department must deem such disclosure to be 
compatible with the purpose for which the Department collected the 
information.
    5. A record from this system may be disclosed as a routine use to 
appropriate agencies, entities, and persons when (1) the Department 
suspects or has confirmed that there has been a breach of the system of 
records; (2) the Department has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
DOE (including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Department's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    6. A record from this system may be disclosed as a routine use to 
another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    7. A record from this system may be disclosed as a routine use to 
contractors, agents, experts, consultants, or others performing work on 
a contract, service, cooperative agreement, job, or other activity for 
DOE/NNSA and who have a need to access the information in the 
performance of their duties or activities for DOE/NNSA.
    8. A record from this system may be disclosed as a routine use to 
the organizations that submitted the application to demonstrate a 
potential inconsistency with DOE's disclosure requirements for 
submitted applications, terms and conditions of a DOE/NNSA award, and 
project reports.
    9. A record from this system may be disclosed as a routine use to 
appropriate Federal agencies and within DOE/NNSA to demonstrate an 
inconsistency with DOE's RTES requirements (e.g., disclosure 
requirements, participation in malign foreign talent recruitment 
programs contrary to policies issued by DOE, or activities that 
threaten research, technology, and economic security), or upon request 
from another agency, if there are overlapping concerns. This includes 
law enforcement, security, and intelligence agencies, relevant agency 
components (such as the Office of Inspector General or the Office of 
Intelligence and Counterintelligence) or other Federal funding 
agencies, consistent with section 4(e) of NSPM-33 and section 1746 of 
the National Defense Authorization Act for Fiscal Year 2020 (Pub. L. 
116-92), to inform efforts related to national and research, 
technology, and economic security. For purpose of this routine use, 
sharing with Federal agencies will be done in coordination with Office 
of the General Counsel.
    10. A record from this system may be disclosed as a routine use to 
Federal science and technology agencies to improve portfolio 
management, coordinate initiatives, and enhance the government's 
understanding of the scientific landscape.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records may be stored as paper records or electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information of individuals who interact with DOE will be retrieved 
by the individual's name, email address, persistent identifiers (e.g., 
ORCID), or DOE identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Retention and disposition of these records is in accordance with 
the National Archives and Records Administration approved records. 
Records in this system are currently unscheduled, which requires the 
records to be retained as permanent until NARA approves a DOE Records 
Disposition Schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records may be secured and maintained on a cloud-based 
software server and operating system that resides in Federal Risk and 
Authorization Management Program (FedRAMP) and Federal Information 
Security Modernization Act (FISMA) hosting environment. Data located in 
the cloud-based server is firewalled and encrypted at rest and in 
transit. The security mechanisms for handling data at rest and in 
transit are in accordance with DOE encryption standards. Records are 
protected from unauthorized access through the following appropriate 
safeguards:
    <bullet> Administrative: Access to all records is limited to lawful 
government purposes only, with access to electronic records based on 
role and either two-factor authentication or password protection. The 
system requires passwords to be complex and to be changed frequently. 
Users accessing system records undergo frequent training in Privacy Act 
and information security requirements. Security and privacy controls 
are reviewed on an ongoing basis.
    <bullet> Technical: Computerized records systems are safeguarded on 
Departmental networks configured for role-based access based on job 
responsibilities and organizational affiliation. Privacy and security 
controls are in place for this system and are updated in accordance 
with applicable requirements as determined by NIST and DOE directives 
and guidance.
    <bullet> Physical: Computer servers on which electronic records are 
stored are located in secured Department facilities, which are 
protected by security guards, identification badges, and cameras. Paper 
copies of all records, if any, are locked in file cabinets, file rooms, 
or offices and are under the control of

[[Page 73402]]

authorized personnel. Access to these facilities is granted only to 
authorized personnel and each person granted access to the system must 
be an individual authorized to use or administer the system.

RECORD ACCESS PROCEDURES:
    The Department follows the procedures outlined in 10 CFR 1008.4. 
Valid identification of the individual making the request is required 
before information will be processed, given, access granted, or a 
correction considered, to ensure that information is processed, given, 
corrected, or records disclosed or corrected only at the request of the 
proper person.

CONTESTING RECORD PROCEDURES:
    Any individual may submit a request to the System Manager and 
request a copy of any records relating to them. In accordance with 10 
CFR 1008.11, any individual may appeal the denial of a request made by 
him or her for information about or for access to or correction or 
amendment of records. An appeal shall be filed within 90 calendar days 
after receipt of the denial. When an appeal is filed by mail, the 
postmark is conclusive as to timeliness. The appeal shall be in writing 
and must be signed by the individual. The words ``PRIVACY ACT APPEAL'' 
should appear in capital letters on the envelope and the letter. 
Appeals relating to DOE records shall be directed to the Director, 
Office of Hearings and Appeals (OHA), 1000 Independence Avenue SW, 
Washington, DC 20585.

NOTIFICATION PROCEDURES:
    In accordance with the DOE regulation implementing the Privacy Act, 
10 CFR part 1008, a request by an individual to determine if a system 
of records contains information about themselves should be directed to 
the U.S. Department of Energy, Headquarters, Privacy Act Officer. The 
request should include the requester's complete name and the time 
period for which records are sought.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    This system is exempt under subsection (k)(1) of the Privacy Act to 
the extent that information within the System meets the criteria of 
those subsections of the Act. Such information has been exempted from 
the provisions of subsections (c)(3) (d), (e)(1), (e)(4)(G), (H), and 
(I), and (f) of the Act. See the Department's Privacy Act regulation at 
10 CFR part 1008.

HISTORY:
    This notice proposes to establish DOE-85 Research, Technology, and 
Economic Security Due Diligence Review Records as a new system of 
records. There has been no previous publication in the Federal Register 
pertaining to this system of records.

Signing Authority

    This document of the Department of Energy was signed on August 29, 
2024, by Ann Dunkin, Senior Agency Official for Privacy, pursuant to 
delegated authority from the Secretary of Energy. That document with 
the original signature and date is maintained by DOE. For 
administrative purposes only, and in compliance with requirements of 
the Office of the Federal Register, the undersigned DOE Federal 
Register Liaison Officer has been authorized to sign and submit the 
document in electronic format for publication, as an official document 
of the Department of Energy. This administrative process in no way 
alters the legal effect of this document upon publication in the 
Federal Register.

    Signed in Washington, DC, on September 5, 2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S. Department of Energy.
[FR Doc. 2024-20376 Filed 9-9-24; 8:45 am]
BILLING CODE 6450-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>