SUPPLEMENTARY INFORMATION:

The inventory records system is maintained to assist DEA divisions in the performance of administrative recordkeeping functions when deploying equipment, such as equipment or product receiving, inventory levels, allotment/issuance tracking, and inventory disposal. The system is comprised of administrative records of several different types of equipment that will be, are, or have been assigned to individuals (or to Points of Contact in each DEA location), including but not limited to, DEA-purchased clothing, firearms, body armor, tactical equipment, and information technology hardware at relevant DEA depots, warehouses, and supply facilities. Depending on equipment type, inventory records may also include details on vendor order status and shipping logistics, allotment details regarding the assignment of specific clothing and equipment to individuals, status data for information technology hardware sent to all DEA offices, certain information technology lifecycle information, and the relevant points of contact handling information technology hardware in each DEA location.

In accordance with 5 U.S.C. 552a(r), the Department has provided a report to OMB and Congress on this new system of records.

Justice/DEA-023

SYSTEM NAME AND NUMBER:

Inventory Tracking Records; JUSTICE/DEA-023. ( printed page 23114)

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records may be accessed at all locations at which DEA operates or at which DEA operations are supported, including: DEA Headquarters, 700 Army-Navy Drive, Arlington 22202; DEA Academy in Quantico, VA 22135; and all DEA field offices, task forces, laboratories, operational divisions, legal attaches, information technology centers, and other components listed on the DEA's internet website, https://www.dea.gov/​. Some or all system information may also be duplicated at other locations where the DEA has granted direct access for support of DEA missions, including for purposes of system backup, emergency preparedness, and/or continuity of operations.

Records are maintained electronically in a hybrid arrangement on physical servers at DEA-contracted data centers in the Washington DC area or at one or more of the Department of Justice (DOJ) Core Enterprise Facilities (CEF) in Clarksburg, WV 26306, or Pocatello, ID 83201, and government cloud-based servers hosted by Amazon Web Services and Microsoft Azure Cloud in protected locations in the continental United States, as well as at Federal Records Centers. In the future, all data may be transferred fully to a government cloud provider. The cloud computing service providers and their location may change from time to time, and this document may not reflect the most current information available. To determine the location of a particular record maintained in this system of records, contact the system manager, whose contact information is listed in the “SYSTEM MANAGER(S)” paragraph, below.

SYSTEM MANAGER(S):

Section Chief—Academy Operations Section (TRDA), Section Chief—Domestic Training Section (TRD), 2500 Investigation Pkwy, Quantico, VA 22135.

Section Chief—Administrative Support Section (STA), 10555 Furnace Road, Lorton, VA 22079.

Section Chief, Information Technology Field Services Section (TIF), 8701 Morrissette Drive, Springfield, VA 22152.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The Comprehensive Drug Abuse Prevention and Control Act of 1970 (Controlled Substances Act) (Pub. L. 91-513, as amended; 21 U.S.C. 801, et seq.) and its attendant regulations (21 CFR 1300, et seq.), the Omnibus Crime Control and Safe Streets Act, (Pub. L. 90-351, as amended), the Single Convention on Narcotic Drugs (18 U.S.C. 1407), and Reorganization Plan No. 2 of 1973 (87 Stat. 1091) provides DEA with the legal authority to enforce the controlled substances laws and regulations of the United States and establish and maintain this system of records in furtherance thereof.

PURPOSE(S) OF THE SYSTEM:

Records in this system of records are used to track and manage the inventory of and allocations to individual DEA personnel of agency issued clothing and certain types of equipment, including but not limited to firearms, body armor, and tactical equipment. In addition, this system also tracks deployment of information technology hardware equipment to each DEA location. In some cases, clothing and equipment allocations also may be made directly to DEA locations without referencing individual personnel in the system. Depending on the equipment type, the system maintains varying levels of detail for inventory related data such as in-stock, issued, and used inventory status, ordering and shipping logistics, repair efforts and warranty fulfillment, and lifecycle and disposal information at relevant DEA depots, warehouses, and supply facilities. Records may also include the data on the types of equipment inventoried (description, model, serial number, cost, office cost center numbers), vendor, manufacturer, and quantities of equipment purchased. Also, firearms allocations to DEA personnel are tracked along with certifications.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Categories of covered individuals consist of:

1. DEA personnel issued clothing and certain equipment, potentially including but not limited to firearms, body armor, tactical equipment, and information technology hardware;

2. Non-DEA employed, deputized task force officers and other non-DEA personnel, including non-United States persons, and individuals giving instruction at or contractors providing services for DEA, who have been issued clothing and equipment by the DEA.

3. DEA personnel serving as points of contact for information technology hardware in each DEA location;

4. DEA personnel associated with the purchase, receipt, delivery, management, or disposal of information technology hardware;

5. DEA personnel involved with issuance, purchase, inventory maintenance, or disposal of equipment other than information technology;

6. Vendors and Vendor Points of Contact.

CATEGORIES OF RECORDS IN THE SYSTEM:

Depending on the type of equipment inventory, records consist of:

1. Personal identification and location information for individuals issued clothing and equipment, including but not limited to, firearms, body armor and tactical equipment and information technology hardware, the data collected for which may include names, title(s), job series, home addresses, office locations; and other miscellaneous identifying information, including, for example, telephone, serial number, DEA number, and division, unit or organization information; or certain biographical data of recipients of certain equipment, such as sex, height, weight, and body measurements;

2. Types, sizes, quantities, and dates of issuance for specific items of clothing and equipment issued to DEA personnel, non-DEA personnel, and certain DEA locations, units, or classes;

3. Types, quantities, transaction dates, and serial numbers of information technology hardware allocated and delivered to each DEA location (including identification information for each location's point of contact) and to individuals assignees;

4. Transaction and order histories of equipment, including but not limited to that listed in category (1), acquired by DEA locations, which also may track the current and past allocations made to or received by DEA personnel;

5. Inventory data for undistributed clothing and equipment that may include item types, quantities, transaction dates, warranty information, maintenance records, lifecycle status and inventory identifiers ( e.g., serial numbers, tracking information, bar codes, Quick Response (QR) codes, or Radio Frequency Identification (RFID) numbers), and depending on the equipment in issue, that may include identifying information of individuals involved in repairs of items, maintenance, warranty claims, and inventory checks;

6. Acquisition information including purchase orders, invoicing and payments, shipping status, and delivery dates for certain equipment and information technology inventories that may have points of contact (DEA personnel, including contractors where applicable) and/or vendor representative identifying information included;

7. Disposition information for inventory marked for disposal that may ( printed page 23115) include or be linked to identity information from previous allocations, if any;

8. Serial numbers of firearms assigned to named DEA personnel, DEA deputized task force officers, and locally employed staff abroad ( i.e., U.S. citizens or lawfully admitted permanent resident aliens living abroad employed by a U.S. embassy), working with DEA, as well as corresponding qualification records.

RECORD SOURCE CATEGORIES:

Records contained in this system of records are derived from information provided directly by DOJ employees or from DEA information systems (via electronic data transfer or manual input depending on source) containing or accessing:

1. Records of clothing and tactical equipment purchases and allotments issued to individuals;

2. Records of requests by DEA locations for clothing or tactical equipment made by the relevant unit(s);

3. Records of information technology hardware transfers to operational deployments for all DEA locations, including identifying those individuals serving as points of contact for such equipment receipt and distribution in each DEA location;

4. Financial information system records regarding purchase orders, invoicing, and payments for clothing, equipment and information technology items (including DEA-19 forms, purchase orders, and financial management system data);

5. Assorted business records associated with information technology purchasing, logistics, product warranty claims, maintenance history, and disposal activities; and

6. Personnel records system data including DEA personnel firearms and qualification information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures otherwise permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system may be disclosed as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the circumstances and for the purposes described below, to the extent such disclosures are compatible with the purposes for which the information was collected and when it has been determined by the DEA or Department of Justice that such a need exists:

(a) To appropriate federal, state, local, tribal and foreign law enforcement agencies or other relevant entities charged with the investigation and prosecution of illegal activities or enforcement or implementation responsibilities, where a record either alone or in conjunction with other information indicates a potential violation of law—whether criminal, civil or regulatory in nature, to facilitate official actions.

(b) To any person or entity that DEA has reason to believe possesses information regarding a matter within the jurisdiction of DEA, to the extent deemed to be necessary by DEA in order to elicit such information or cooperation from the recipient for use in the performance of an authorized activity.

(c) To a court, grand jury, or administrative or adjudicative body in any appropriate proceeding where DEA or the Department of Justice determines the records are relevant to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.

(d) To an actual or potential party to litigation or the party's authorized representative for the purpose of negotiation or discussion on such matters as settlement, plea bargaining, or in informal discovery proceedings, in accordance with requests made under the proper administrative procedures.

(e) To the news media and the public pursuant to 28 CFR 50.2, unless it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

(f) To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal government, when necessary to accomplish an agency function related to this system of records.

(g) To designated officers and employees of state, local, territorial, or tribal law enforcement or detention agencies in connection with the hiring or continued employment of an employee or contractor, where the employee or contractor would occupy or occupies a position of public trust as a law enforcement officer or detention officer having direct contact with the public or with prisoners or detainees, to the extent that the information is relevant and necessary to the recipient agency's decision.

(h) To appropriate officials and employees of a Federal agency or entity which requires information relevant to a decision concerning the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract, or the issuance of a grant or benefit.

(i) To a former employee of the Department of Justice for purposes of responding to an official inquiry by a Federal, state, or local government entity or professional licensing authority in accordance with applicable regulations; or facilitating communications with a former employee that may be necessary for personnel-related or other official purposes where the Department requires information and/or consultation assistance from the former employee regarding a matter within that person's former area of responsibility.

(j) To Federal, state, local, territorial, tribal, foreign, or international licensing agencies or associations which require information concerning the suitability or eligibility of an individual for a license or permit.

(k) To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

(l) To the National Archives and Records Administration (NARA) for purposes of management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

(m) To appropriate agencies, entities, and persons when (1) the DEA or Department of Justice suspects or has confirmed that there has been a breach of the system of records; (2) the DEA or Department of Justice has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the DEA, the Department of Justice (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the DEA or Department of Justice efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(n) To another Federal agency or Federal entity, when the DEA or Department of Justice determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the ( printed page 23116) Federal Government, or national security, resulting from a suspected or confirmed breach.

(o) To any agency, organization, or individual, such as the Government Accountability Office, a Federal Office of the Inspector General, or the Office of Special Counsel, for the purpose of performing authorized audit or oversight operations of DEA, including those related to fraud, waste, and abuse, and meeting related reporting requirements.

(p) To such recipients and under such circumstances and procedures as are mandated by Federal statute or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system are stored in electronic form. Electronic records are stored in databases and/or on hard disks, removable storage devices, or other electronic media with appropriate security and access limitations.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records generally are retrieved by reference to an individual's name or personal identifier ( e.g., DEA number), by the relevant unit/location, or by reference to the equipment provided. Access requires two-factor authentication methods. Authorized users must have official authorized purpose(s) and appropriate access permissions.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records in this system will be retained and disposed of in accordance with the appropriate records schedules approved by the National Archives and Records Administration (NARA) including, but not limited to, General Records Schedule (GRS) 4.1-010 Tracking and Control Records; GSR 5.4-010 Facility, Equipment, Vehicle, Property and Supply Administrative and Operational Records, and NARA-approved DEA schedules for Accountable Personal Property and Law Enforcement Officer Training Files.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Information in this system of records is maintained in accordance with applicable laws, rules, and policies on protecting individual privacy. Specifically, information in this system of records is safeguarded in accordance with Department of Justice rules and policy governing automated systems security and access; and is protected by physical security methods, administrative processes, and technical means, including dissemination and access controls. These safeguards include all technical equipment in which information in this system of records is stored being maintained in restricted areas. For example, the servers storing electronic data and the backup tapes that are stored onsite are located in locked rooms with access limited to authorized agency personnel. Backup tapes stored offsite are maintained in accordance with a government contract that requires adherence to applicable laws, rules, and policies. Internet connections are protected by multiple firewalls. Security personnel conduct periodic vulnerability scans using DOJ-approved software to ensure security compliance and security logs are enabled for all computers to assist in troubleshooting and forensics analysis during incident investigations. Users of individual computers can only gain access to the data by a valid user identification and authentication. Access to individual computers requires two factor authentication.

RECORD ACCESS PROCEDURES:

All requests for access to records must be made in writing, in accordance with 28 CFR part 16, and may be submitted electronically by visiting the DEA FOIA Public Access Link Portal: https://ifa.dea.gov/​foia/​, or made via hard copy letter. If submitted via letter, inquiries should be addressed to: `Drug Enforcement Administration, Attn: Freedom of Information and Privacy Act Section, 8701 Morrissette Drive, Springfield, Virginia 22152,' or addressed to the System Manager listed above with the envelope and letter clearly marked `Privacy Access Request.' The request must include a general description of the records sought with sufficient detail to enable Department personnel to locate them with a reasonable amount of effort. The request also must include the requester's full name, current address, and date and place of birth. The request must be signed and either notarized or submitted under penalty of perjury and dated. Although no specific form is required, you may obtain a DEA-specific form ( DEA-382 FOIA/PA Request Letter) to make a `Privacy Access Request' to DEA. The form is available on the Privacy Act page of the FOIA section of the DEA.gov website at https://www.dea.gov/​foia/​foia-privacy-act.

More information regarding the Department's procedures for accessing records in accordance with the Privacy Act can be found at 28 CFR part 16 Subpart D, “Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974.”

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest or amend information maintained in the system must direct their request according to the “RECORD ACCESS PROCEDURES” paragraph, above. All requests to contest or amend records must be in writing and the envelope and letter should be clearly marked “Privacy Act Amendment Request.” All requests must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.is being contested, the reasons for contesting it, and the proposed amendment to the information sought.

More information regarding the Department's procedures for amending or contesting records in accordance with the Privacy Act can be found at 28 CFR 16.46, “Requests for Amendment or Correction of Records.”

NOTIFICATION PROCEDURES:

Individuals may be notified if a record in this system of records pertains to them when the individuals request information utilizing the same procedures as those identified in the “RECORD ACCESS PROCEDURES” paragraph, above. Hard copy inquiries should be addressed to: Drug Enforcement Administration, Attn: Freedom of Information and Privacy Act Section, 8701 Morrissette Drive, Springfield, Virginia 22152; or an electronic request may be filed at the DEA FOIA Public Access Link Portal: https://ifa.dea.gov/​foia/​.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.

91 FR 23113