[Federal Register Volume 85, Number 185 (Wednesday, September 23, 2020)]
[Notices]
[Pages 59759-59762]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-21014]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
[Docket ID: DoD-2020-OS-0080]
Privacy Act of 1974; System of Records
AGENCY: Defense Human Resources Activity (DHRA), Department of Defense
(DoD).
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The Office of the Secretary of Defense (OSD) is modifying the
system of records titled, ``Commercial Travel Information Management
System,'' DHRA 14 DoD. The Commercial Travel Information Management
System (CTIMS) houses the CTIMS data repository and provides web-based
travel information to the DoD travel community, including commercial
vendors. It offers tools to submit help desk tickets, create reports,
complete schedule training, plan trips, and complete other travel
related functions, as well as provides a survey tool that supports the
assessment of Defense Travel programs and the Defense Travel Management
Office (DTMO) Workforce Assessment.
DATES: This system of records modification is effective upon
publication; however, comments on the Routine Uses will be accepted on
or before October 23, 2020. The Routine Uses are effective at the close
of the comment period.
ADDRESSES: You may submit comments, identified by docket number and
title, by any of the following methods:
* Federal Rulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
* Mail: DoD cannot receive written comments at this time due to the
COVID-19 pandemic. Comments should
[[Page 59760]]
be sent electronically to the docket listed above.
Instructions: All submissions received must include the agency name
and docket number for this Federal Register document. The general
policy for comments and other submissions from members of the public is
to make these submissions available for public viewing on the internet
at https://www.regulations.gov as they are received without change,
including any personal identifiers or contact information.
FOR FURTHER INFORMATION CONTACT: Ms. Lyn Kirby, Defense Privacy, Civil
Liberties, and Transparency Division, Directorate for Oversight and
Compliance, Department of Defense, 4800 Mark Center Drive, Mailbox #24,
Suite 08D09, Alexandria, VA 22350-1700; OSD.DPCLTD@mail.mil; (703) 571-
0070.
SUPPLEMENTARY INFORMATION: The CTIMS serves as a repository of DoD
travel records consisting of travel booked within the Defense Travel
System (DTS) in order to perform key DTMO mission functions including
responding to federal reporting requirements and conducting oversight
operations. The OSD proposes to modify this system of records to
reflect the revision of the Joint Federal Travel Regulation and its
codification in 41 CFR 300-304. Additional changes were made to reflect
evolving mission needs and updates to the system location and security.
In all, this modification reflects changes to the system location,
system manager(s), security classification, authority for maintenance
of the system, purpose of the system, categories of individuals covered
by the system, categories of records in the system, record source
categories, routine uses of records maintained in the system, including
categories of users and purposes of such users, policies and practices
for retrieval of records, policies and practices for retention and
disposal of records, contesting record procedures, administrative,
physical, and technical safeguards, record access procedures, and
notification procedures. If these updates were not made, the system
would not be able to provide the full set of services required to
support the mission-essential Defense Travel Program.
The DoD notices for systems of records subject to the Privacy Act
of 1974, as amended, have been published in the Federal Register and
are available from the address in FOR FURTHER INFORMATION CONTACT or at
the Defense Privacy, Civil Liberties, and Transparency Division website
at https://dpcld.defense.gov.
In accordance with 5 U.S.C. 552a(r) and Office of Management and
Budget (OMB) Circular No. A-108, the DoD has provided a report of this
system of records to the OMB and to Congress.
Dated: September 16, 2020.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
SYSTEM NAME AND NUMBER:
Commercial Travel Information Management System, DHRA 14 DoD.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Network Enterprise Center, 1422 Sultan Road, Fort Detrick, MD
21702-9200.
SYSTEM MANAGER(S):
Deputy Director, Defense Travel Management Office, 4800 Mark Center
Drive, Alexandria, VA 22350-9000, email: dodhra.mc-alex.dtmo.mbx.mib-ccb@mail.mil.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. Ch. 57, Travel, Transportation, and Subsistence; 10 U.S.C.
135, Under Secretary of Defense (Comptroller); 10 U.S.C. 136, Under
Secretary of Defense for Personnel and Readiness; 37 U.S.C. 463,
Programs of Compliance, Electronic Processing of Travel Claims; 41 CFR.
300-304, Federal Travel Regulation System; DoD Directive (DoDD)
4500.09, Transportation and Traffic Management; DoDD 5100.87,
Department of Defense Human Resources Activity (DoDHRA); DoD
Instruction (DoDI) 5154.31, Vols 1-6 Commercial Travel Management; DoDI
1100.13, DoD Survey; DoD Financial Management Regulation 7000.14-R,
Vol. 9, Travel Policy; DoD 4500.9-R, Defense Transportation Regulation
(DTR), Parts I-V; The Joint Federal Travel Regulation, Uniformed
Service Members and DoD Civilian Employees; and E.O. 9397 (SSN), as
amended
PURPOSE(S) OF THE SYSTEM:
To establish a repository of DoD travel records consisting of
travel booked within the Defense Travel System (DTS) as well as through
commercial travel vendors in order to satisfy reporting requirements;
identify and notify travelers in potential distress due to natural or
man-made disasters; assist in the planning, budgeting, and allocation
of resources for future DoD travel; conduct oversight operations;
analyze travel, budgetary, or other trends; detect fraud and abuse;
conduct surveys for the evaluation of program effectiveness, calculate
travel and housing allowances, provide insight into the gap between
product/service delivery and customer expectations, assist in
understanding what drives customer satisfaction; respond to authorized
internal and external requests for data relating to DoD official travel
and travel related services, including premium class travel, and to
provide website registered guests an online customer support site for
submitting inquiries regarding commercial travel within the DoD,
including assistance with the DTS.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
DoD civilian personnel; active, former, and retired military
members; Reserve and National Guard personnel; military academy
nominees, applicants, and cadets; dependents of DoD sponsors
accompanying the DoD sponsor on travel; and all other individuals in
receipt of DoD travel orders; registered website guests submitting
inquiries regarding DoD commercial travel.
CATEGORIES OF RECORDS IN THE SYSTEM:
For DoD travelers, information from commercial travel booking
systems and the DTS: Name, Social Security Number (SSN), DoD ID number,
individual taxpayer identification number (ITIN), passport information,
gender, date of birth, email address; home and/or business address, and
cellular phone numbers; emergency contact information to include
spouses name and number;
Employment information: Employment status, organizational
information, duty station, rank, military status information, travel
preferences, frequent flyer information;
Financial information to include government and/or personal charge
card account numbers and expiration information, government travel
charge card transactions, personal checking and/or savings account
numbers, government accounting code/budget information, specific trip
information to include travel itineraries (includes dates of travel)
and reservations, trip record number, trip cost estimates, travel
vouchers, travel-related receipts, travel document status information,
travel budget information, commitment of travel funds, records of
actual payment of travel funds and supporting documentation.
For dependents who are accompanying the DoD sponsor on travel:
Name, date of birth, and passport information.
[[Page 59761]]
For registered website guests: Name, phone number, email address;
if affiliated with DoD, duty station, rank, DoD ID number; if desiring
travel alerts, cellular phone number and cellular phone provider; if
requiring assistance with the DTS, last four of the SSN.
RECORD SOURCE CATEGORIES:
The individual, DTS, General Services Administration data
repository, and commercial travel booking systems.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act of 1974, as amended, the records contained
herein may be disclosed outside the DoD as a routine use pursuant to 5
U.S.C. 552a(b)(3) as follows:
a. To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the federal government when
necessary to accomplish an agency function related to this system of
records.
b. To Federal and private entities providing travel services for
purposes of arranging transportation at Government expense for official
business.
c. To the appropriate Federal, State, local, territorial, tribal,
foreign, or international law enforcement authority or other
appropriate entity where a record, either alone or in conjunction with
other information, indicates a violation or potential violation of law,
whether criminal, civil, or regulatory in nature.
d. To any component of the Department of Justice for the purpose of
representing the DoD, or its components, officers, employees, or
members in pending or potential litigation to which the record is
pertinent.
e. In an appropriate proceeding before a court, grand jury, or
administrative or adjudicative body or official, when the DoD or other
Agency representing the DoD determines the records are relevant and
necessary to the proceeding; or in an appropriate proceeding before an
administrative or adjudicative body when the adjudicator determines the
records to be relevant to the proceeding.
f. To the National Archives and Records Administration for the
purpose of records management inspections conducted under the authority
of 44 U.S.C. 2904 and 2906.
g. To a Member of Congress or staff acting upon the Member's behalf
when the Member or staff requests the information on behalf of, and at
the request of, the individual who is the subject of the record.
h. To appropriate agencies, entities, and persons when (1) the DoD
suspects or confirms a breach of the system of records; (2) the DoD
determines as a result of the suspected or confirmed breach there is a
risk of harm to individuals, the DoD (including its information
systems, programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with the DoD's
efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.
i. To another Federal agency or Federal entity, when the DoD
determines information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in electronic storage media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Name, home/business address, email address, passport number, date
of birth, SSN, and/or DoD ID number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Destroy 6 years after final payment or cancellation.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records are stored on secure military installations. Physical
controls include use of visitor registers and identification badges,
electronic key card access, safes, security guards, and closed-circuit
television monitoring. Technical controls including intrusion detection
systems, secure socket layer encryption, firewalls, intrusion detection
systems, external certificate authority certificates, least privilege
access, and virtual private networks protect the data in transit and at
rest. Physical and electronic access is limited to individuals who are
properly screened and cleared on a need-to-know basis in the
performance of their official duties. Usernames and passwords, Common
Access Cards, and DoD Public Key Infrastructure, in addition to role-
based access controls are used to control access to the system data.
Procedures are in place to deter and detect browsing and unauthorized
access including periodic security audits and monitoring of users'
security practices. Backups are stored on encrypted media and secured
off-site. Periodic security audits and regular monitoring of user's
security practices also occur. Electronic records are maintained in a
controlled facility. Physical entry is restricted by the use of locks,
guards, and is accessible only to authorized personnel. Access to
records is limited to person(s) servicing the record in performance of
their official duties and who are properly screened and cleared for
need-to-know. Access to computerized data is restricted by the use of
Common Access Cards (CAC) and data encryption.
RECORD ACCESS PROCEDURES:
Individuals seeking access to records about themselves contained in
this system should address written inquiries to the Office of the
Secretary of Defense/Joint Staff, Freedom of Information Act Requester
Service Center, Office of Freedom of Information, 1155 Defense
Pentagon, Washington, DC 20301-1155. Signed, written requests should
contain the individual's full name, personal contact information (home
address, phone number, email), and the number and name of this system
of records notice. In addition, the requester must provide either a
notarized statement or a declaration made in accordance with 28 U.S.C.
1746, using the following format:
If executed outside the United States: ``I declare (or certify,
verify, or state) under penalty of perjury under the laws of the United
States of America that the foregoing is true and correct. Executed on
(date). (Signature).''
If executed within the United States, its territories, possessions,
or commonwealths: ``I declare (or certify, verify, or state) under
penalty of perjury that the foregoing is true and correct. Executed on
(date). (Signature).''
CONTESTING RECORD PROCEDURES:
The DoD rules for accessing records, contesting contents and
appealing initial agency determinations are published in 32 CFR part
310, or may be obtained from the system manager.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether information about
themselves is contained in this system should address written inquiries
to the Deputy Director, Defense Travel Management
[[Page 59762]]
Office, 4800 Mark Center Drive, Alexandria, VA 22350-9000. Signed,
written requests should contain full name, email address, telephone
number, and SSN (or passport number). Website registered guests should
provide their full name and email address. In addition, the requester
must provide either a notarized statement or an unsworn declaration
made in accordance with 28 U.S.C. 1746, in the following format:
If executed outside the United States: ``I declare (or certify,
verify, or state) under penalty of perjury under the laws of the United
States of America that the foregoing is true and correct. Executed on
(date). (Signature).''
If executed within the United States, its territories, possessions,
or commonwealths: ``I declare (or certify, verify, or state) under
penalty of perjury that the foregoing is true and correct. Executed on
(date). (Signature).''
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
August 22, 2014, 79 FR 49764.
[FR Doc. 2020-21014 Filed 9-22-20; 8:45 am]
BILLING CODE 5001-06-P