Privacy Act of 1974; Implementation

Issuing agencies

Abstract

The Department of Defense (Department or DoD) is giving concurrent notice of a new Department-wide system of records pursuant to the Privacy Act of 1974 for the DoD-0025, "Counterintelligence Investigations and Collection Activities (CICA)" system of records and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of this system of records from certain provisions of the Privacy Act to protect national security and law enforcement interests.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 137 (Monday, July 21, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 137 (Monday, July 21, 2025)]
[Proposed Rules]
[Pages 34197-34200]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-13581]



DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 310

[Docket ID: DoD-2025-OS-0177]
RIN 0790-AL67


Privacy Act of 1974; Implementation

AGENCY: Office of the Secretary of Defense (OSD), Department of Defense 
(DoD).

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Defense (Department or DoD) is giving 
concurrent notice of a new Department-wide system of records pursuant 
to the Privacy Act of 1974 for the DoD-0025, ``Counterintelligence 
Investigations and Collection Activities (CICA)'' system of records and 
this proposed rulemaking.

[[Page 34198]]

In this proposed rulemaking, the Department proposes to exempt portions 
of this system of records from certain provisions of the Privacy Act to 
protect national security and law enforcement interests.

DATES: Send comments on or before September 19, 2025.

ADDRESSES: You may submit comments, identified by docket number and 
title, by either of the following methods:
    * Federal eRulemaking Portal: <a href="https://www.regulations.gov">https://www.regulations.gov</a>. Follow 
the instructions for submitting comments.
    * Mail: Department of Defense, Office of the Assistant to the 
Secretary of Defense for Privacy, Civil Liberties, and Transparency, 
Regulatory Directorate, 4800 Mark Center Drive, Attn: Mailbox #24, 
Suite 05F16, Alexandria, VA 22350-1700.
    Instructions: All submissions received must include the agency name 
and docket number or Regulation Identifier Number for this Federal 
Register document. The general policy for comments and other 
submissions from members of the public is to make these submissions 
available for public viewing on the internet at <a href="https://www.regulations.gov">https://www.regulations.gov</a> as they are received without change, including any 
personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Rahwa Keleta, Defense Privacy and 
Civil Liberties Directorate, Office of the Assistant to the Secretary 
of Defense for Privacy, Civil Liberties, and Transparency, Department 
of Defense, 4800 Mark Center Drive, Mailbox #24, Suite 05F16, 
Alexandria, VA 22350-1700; <a href="/cdn-cgi/l/email-protection#89e6faeda7e4eaa4e8e5ecf1a7e6e8fdfaeda4f9eae5fda7e4ebf1a7f9eae5eda4fae6fbe7c9e4e8e0e5a7e4e0e5"><span class="__cf_email__" data-cfemail="036c70672d6e602e626f667b2d6c627770672e73606f772d6e617b2d73606f672e706c716d436e626a6f2d6e6a6f">[email&#160;protected]</span></a>; (703) 571-0070.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, the DoD is establishing 
a new Department-wide system of records titled, ``Counterintelligence 
Investigations and Collection Activities,'' (CICA), DoD-0025. This 
system of records covers DoD's maintenance of records about 
counterintelligence (CI) investigations and collection activities. The 
purpose of CICA is to determine whether an individual is acting for or 
on behalf of foreign powers organizations, or persons, or their agents, 
or international terrorist organizations or activities. Note. This 
differs from the purpose of Counterintelligence Functional Services 
(CIFS), DoD-0010, which is to protect Department resources and 
personnel from foreign adversaries who seek to exploit sensitive 
information, operations, and agency programs to the detriment of the 
U.S. Government. It is also separate from the purpose of the DoD 
Insider Threat Management and Analysis Center (DITMAC) and DoD 
Component Insider Threat Records System, DUSDI 01-DoD, which addresses 
security functions. This system consists of both electronic and paper 
records and will be used by DoD components and offices to maintain 
records supporting the CI mission for the Department. Additional 
information about CICA may be found in the accompanying notice of a new 
system of records, published elsewhere in today's issue of the Federal 
Register.

II. Privacy Act Exemption

    The Privacy Act allows Federal agencies to exempt eligible records 
in a system of records from certain provisions of the Act, including 
those that provide individuals with a right to request access to and 
amendment of their own records. If an agency intends to exempt a 
particular system of records, it must first go through the rulemaking 
process to provide public notice and an opportunity to comment on the 
proposed exemption. This proposed rule explains why exemptions are 
being claimed for this system of records and invites public comment, 
which the DoD will consider before the issuance of a final rule 
implementing those exemptions.
    The DoD proposes to modify 32 CFR part 310 to add a new Privacy Act 
exemption rule for the DoD-0025, CICA system of records. In this 
proposed rule, the Department proposes to exempt portions of this 
system of records from certain provisions of the Privacy Act because 
information in this system of records may fall within the scope of the 
following Privacy Act exemptions: 5 U.S.C. 552a(k)(1) and 5 U.S.C. 
552a(k)(2).
    The DoD is proposing to add a new Privacy Act exemption rule 
because records within this system of records may contain classified 
national security information and providing notice, access, amendment, 
and disclosure of accounting of those records to an individual, as well 
as certain recordkeeping requirements, may cause damage to national 
security. The Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), authorizes 
agencies to claim an exemption for systems of records that contain 
information properly classified pursuant to executive order. The DoD 
therefore is proposing to claim an exemption from several provisions of 
the Privacy Act, including various access, amendment, disclosure of 
accounting, and certain recordkeeping and notice requirements, to 
prevent disclosure of any information properly classified pursuant to 
executive order, as implemented by DoD Instruction 5200.01 and DoD 
Manual 5200.01, Volumes 1 and 3.
    The DoD is also proposing this Privacy Act exemption rule because 
this system of records may contain investigatory material compiled for 
law enforcement purposes within the scope of 5 U.S.C. 552a(k)(2). This 
exemption authorizes agencies to claim an exemption for systems of 
records that contain investigatory materials compiled for law 
enforcement purposes, other than material within the scope of 5 U.S.C. 
552a(j)(2). Because information in this system may contain such 
investigatory materials for the purpose of receiving, evaluating, and 
sharing lead information for investigative inquiry and follow-up, the 
Department is proposing to claim an exemption for this system pursuant 
to 5 U.S.C. 552a(k)(2).
    The DoD therefore proposes to exempt this system from several 
provisions of the Privacy Act, including various access, amendment, 
disclosure of accounting, and certain record-keeping and notice 
requirements, to prevent identification of actual or potential subjects 
of investigation and/or identification of sources of investigative 
information so as to prevent harm to the underlying law enforcement 
purpose.
    A notice of a new system of records for DoD-0025 is also published 
in this issue of the Federal Register.

Regulatory Analysis

Executive Order 12866, ``Regulatory Planning and Review,'' and 
Executive Order 13563, ``Improving Regulation and Regulatory Review.''

    Executive Orders 12866 and 13563 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distribute impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. It has been determined that this rule is not a significant 
regulatory action.

Executive Order 14192, ``Unleashing Prosperity Through Deregulation''

    This rule is not an Executive Order 14192 regulatory action because 
this

[[Page 34199]]

rule is not significant under Executive Order 12866.

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    Section 202(a) of the Unfunded Mandates Reform Act of 1995 (UMRA) 
(2 U.S.C. 1532(a)) requires agencies to assess anticipated costs and 
benefits before issuing any rule whose mandates may result in the 
expenditure by State, local, and Tribal Governments in the aggregate, 
or by the private sector, in any one year of $100 million in 1995 
dollars, updated annually for inflation. This rule will not mandate any 
requirements for State, local, or Tribal Governments, nor will it 
affect private sector costs.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)

    The Acting Assistant to the Secretary of Defense for Privacy, Civil 
Liberties, and Transparency has certified that this rule is not subject 
to the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) because it 
would not, if promulgated, have a significant economic impact on a 
substantial number of small entities. This rule is concerned only with 
the administration of Privacy Act systems of records within the DoD. 
Therefore, the Regulatory Flexibility Act, as amended, does not require 
DoD to prepare a regulatory flexibility analysis.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    The Paperwork Reduction Act (44 U.S.C. 3501 et seq.) was enacted to 
minimize the paperwork burden for individuals; small businesses; 
educational and nonprofit institutions; Federal contractors; State, 
local, and Tribal Governments; and other persons resulting from the 
collection of information by or for the Federal Government. The Act 
requires that agencies obtain approval from the Office of Management 
and Budget before using identical questions to collect information from 
ten or more persons. This rule does not impose reporting or 
recordkeeping requirements on the public.

Executive Order 13132, ``Federalism''

    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule that has 
Federalism implications, imposes substantial direct compliance costs on 
State and local governments, and is not required by statute, or has 
federalism implications and preempts state law. This rule will not have 
a substantial effect on State and local Governments.

Executive Order 13175, ``Consultation and Coordination With Indian 
Tribal Governments''

    Executive Order 13175 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct compliance costs on one or 
more Indian Tribes, preempts Tribal Law, or affects the distribution of 
power and responsibilities between the Federal Government and Indian 
Tribes. This rule will not have a substantial effect on Indian Tribal 
Governments.

List of Subjects in 32 CFR Part 310

    Privacy.

    Accordingly, 32 CFR part 310 is proposed to be amended as follows:

PART 310--PROTECTION OF PRIVACY AND ACCESS TO AND AMENDMENT OF 
INDIVIDUAL RECORDS UNDER THE PRIVACY ACT OF 1974

0
1. The authority citation for 32 CFR part 310 continues to read as 
follows:

    Authority:  5 U.S.C. 552a.

0
2. Reserve paragraphs (e)(15)-(17).
0
3. Amend Sec.  310.13 is amended by adding paragraph (e)(18) to read as 
follows:


Sec.  310.13  Exemptions for DoD-wide systems.

* * * * *
    (e) * * *
    (18) System identifier and name. DoD-0025, ``Counterintelligence 
Investigations and Collection Activities, (CICA).''
    (i) Exemptions. This system of records is exempt from 5 U.S.C. 
552a(c)(3); (d)(1), (2), (3), and (4); (e)(1); (e)(4)(G), (H), and (I); 
and (f) of the Privacy Act.
    (ii) Authority. 5 U.S.C. 552a(k)(1) and (k)(2).
    (iii) Exemption from the particular subsections. Exemption from the 
particular subsections is justified for the following reasons:
    (A) Subsections (c)(3), (d)(1), and (d)(2).
    (1) Exemption (k)(1). Records in this system of records may contain 
information concerning individuals that is properly classified pursuant 
to executive order. Application of exemption (k)(1) for such records 
may be necessary because access to and amendment of the records, or 
release of the accounting of disclosures for such records, could reveal 
classified information. Disclosure of classified records to an 
individual may cause damage to national security.
    (2) Exemption (k)(2). Records in this system of records may contain 
investigatory material compiled for law enforcement purposes other than 
material within the scope of 5 U.S.C. 552a(j)(2). Application of 
exemption (k)(2) for such records may be necessary because access to, 
amendment of, or release of the accounting of disclosures of such 
records could: inform the record subject of an investigation of the 
existence, nature, or scope of an actual or potential law enforcement 
or disciplinary investigation, and thereby seriously impede law 
enforcement or prosecutorial efforts by permitting the record subject 
and other persons to whom he might disclose the records to avoid 
criminal penalties, civil remedies, or disciplinary measures; interfere 
with a civil or administrative action or investigation by allowing the 
subject to tamper with witnesses or evidence, and to avoid detection or 
apprehension, which may undermine the entire investigatory process; and 
result in an unwarranted invasion of the privacy of others. Amendment 
of such records could also impose a highly impracticable administrative 
burden by requiring investigations to be continuously reinvestigated.
    (B) Subsections (d)(3) and (4). These subsections are inapplicable 
to the extent an exemption is claimed from (d)(2).
    (C) Subsection (e)(1). Records within this system may be properly 
classified pursuant to executive order. Disclosure of classified 
records to an individual may cause damage to national security. 
Additionally, in the collection of information for investigatory or law 
enforcement purposes, it is not always possible to conclusively 
determine the relevance and necessity of particular information in the 
early stages of the investigation or adjudication. In some instances, 
it will be only after the collected information is evaluated in light 
of other information that its relevance and necessity for effective 
investigation and adjudication can be assessed. Accordingly, 
application of exemptions (k)(1) and (k)(2) may be necessary.
    (D) Subsections (e)(4)(G) and (H), and Subsection (f). These 
subsections are inapplicable to the extent exemption is claimed from 
the access and amendment provisions of subsection (d). Because portions 
of this system are exempt from the individual access and amendment 
provisions of subsection (d) for the reasons noted above, the DoD is 
not required to establish requirements, rules, or procedures with 
respect to such access or amendment provisions. Providing notice to 
individuals with respect to the existence of records pertaining to them 
in the system of

[[Page 34200]]

records or otherwise setting up procedures pursuant to which 
individuals may access, view, and seek to amend records pertaining to 
themselves in the system would potentially undermine investigative 
efforts, reveal the identities of witnesses, potential witnesses, and 
confidential informants, and impose an undue administrative burden. 
Accordingly, application of exemptions (k)(1) and (k)(2) may be 
necessary.
    (E) Subsections (e)(4)(I). To the extent that this provision is 
construed to require more detailed disclosure than the broad 
information currently published in the system notice concerning 
categories of sources of records in the system, an exemption from this 
provision is necessary to protect national security and the 
confidentiality of sources and methods, and other classified 
information.
    (iv) Exempt records from other systems. In the course of carrying 
out the overall purpose for this system, exempt records from other 
systems of records may in turn become part of the records maintained in 
this system. To the extent that copies of exempt records from those 
other systems of records are maintained in this system, the DoD claims 
the same exemptions for the records from those other systems that are 
entered into this system, as claimed for the prior system(s) of which 
they are a part, provided the reason for the exemption remains valid 
and necessary.

    Dated: July 16, 2025.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2025-13581 Filed 7-18-25; 8:45 am]
BILLING CODE 6001-FR-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>