Privacy Program Resources

NARA Privacy Act Systems: NARA 45

SYSTEM NAME: Insider Threat Program Records.


SYSTEM LOCATION: The Office of the Chief Operating Officer at the National Archives in College Park maintains insider threat program records. The system address is the same as the system manager address.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: This system covers: (1) People who have been granted eligibility to access classified information within NARA facilities; (2) Presidential representatives granted eligibility to access classified information at Presidential libraries; and (3) members of the Public Interest Declassification Board. These individuals may include NARA civilian employees, NARA contractor personnel, and officials or employees of Federal, state, tribal, territorial, and local law enforcement organizations affiliated or working with NARA if NARA has granted them access to classified information based on an eligibility determination made by NARA or another Federal agency authorized to do so.


A. We monitor user activity on all information technology networks or stand-alone systems, including use by both cleared and un-cleared employees. The Insider Threat Program may use this information to detect activity that Start Printed Page might indicate insider threat behavior. The system includes records from this activity, including monitoring logs and insider threat analyses.

B. In addition, we may include or derive records containing information from:

(1) Responses to information requested by official questionnaires (e.g., SF 86, Questionnaire for National Security Positions);

(2) Information on foreign contacts and activities; association records; information on loyalty to the United States; and other agency reports furnished to NARA or that we collect in connection with personnel security investigations, continuous evaluation for eligibility for access to classified information, and its insider threat detection program operated pursuant to Federal laws, executive orders, and NARA regulations. These records can include, but are not limited to, reports of personnel security investigations completed by investigative service providers (such as the Office of Personnel Management);

(3) Nondisclosure agreements; document control registries; courier authorization requests; derivative classification unique identifiers; requests for access to special access program (SAP) information and sensitive compartmented information (SCI); facility access records; security violation files; travel records; foreign contact reports; briefing and debriefing statements; other information and documents required in connection with personnel security adjudications; and financial disclosure filings.

(4) Records from other NARA Privacy Act systems of records. When this occurs, records from those other systems will also become part of this system of records.

(5) NARA office or program records, databases, or sources, including: Incident reports; investigatory records; personnel security records; facility access records; network security records; security violations; payroll information; credit reports; travel records; foreign visitor records; foreign contact reports; financial disclosure reports; personnel records (including benefits information, performance evaluations, disciplinary files, and training records); counseling statements; equal employment opportunity complaints; outside work and activities requests; medical records; substance abuse and mental health records of individuals undergoing law enforcement action or presenting an identifiable imminent threat; personal contact records; audit data; information regarding misuse of a NARA device; information regarding unauthorized use of removable media; logs of printer, copier, and facsimile machine use; and records involving potential insider threats or activities.

(6) Records containing particularly sensitive or protected information, including information held by special access programs, law enforcement, inspector general, or other investigative sources or programs.

C. The records in this system of records may contain the following information on an individual:

(1) Full name; former names and aliases; social security number; date and place of birth; mother's maiden name;

(2) prior and current security clearance, security eligibility, investigative, and adjudicative information (including information collected through continuous evaluation);

(3) current and former home and work addresses and residential history; personal and official phone numbers and email addresses; other contact information;

(4) driver's license information; vehicle identification and license plate numbers;

(5) ethnicity, gender, and race; tribal identification number or other tribal enrollment data;

(6) identifying numbers from access control passes or identification cards;

(7) employment and educational history, including degrees earned; military record information and selective service registration record;

(8) financial record information and credit reports;

(9) arrest reports and criminal history; references to illegal drug involvement and records related to drug or alcohol use;

(10) mental health records, including counseling related to use of alcohol or drugs;

(11) civil court action records;

(12) subversive activity information;

(13) outside affiliations; names of associates and references with their contact information; the name, date and place of birth, social security number, and citizenship information on spouses and cohabitants; the name, date and place of birth, citizenship, and address for dependents, and relatives; the name and marriage information for current and former spouses;

(14) citizenship information; passport information;

(15) fingerprints; hair and eye color; biometric data; height and weight; and any other individual physical or distinguishing attributes.

D. Investigation records and incident reports may include additional information on an individual, such as: Photos, video, sketches, medical reports, network use records, identification badge data, facility and access control records, email, and text messages.

E. The records may also include information concerning potential insider threat activity, counterintelligence complaints, investigative referrals, results of incident investigations, case numbers, forms, nondisclosure agreements, consent forms, documents, reports, and correspondence received, generated, or maintained in the course of managing insider threat activities and conducting investigations related to potential insider threats.

F. Finally, this system contains records of inquiries the hub creates in the course of managing the Insider Threat Program. An inquiry record is akin to a case file on a possible insider threat, and may contain any of the information described above, in addition to investigatory records such as interview notes, analysis of the potential threat, voluntary statements to investigators, and similar documents.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:  44 U.S.C. 2104(a), as amended; 44 U.S.C. 3554, Federal agency responsibilities; 44 U.S.C. 3557, National security systems; Section 811 of the Intelligence Authorization Act for FY 1995; Executive orders 9397, 12829, 12968, 13467, 13587, 13526, 12333, and 10450; Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, November 21, 2012; Presidential Memorandum, Early Detection of Espionage and Other Intelligence Activities through Identification and Referral of Anomalies, August 23, 1996; and Presidential Decision Directive/NSC-12, Security Awareness and Reporting of Foreign Contacts, August 5, 1993.


In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside NARA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

(1) To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf to the extent the records have not been exempted from disclosure pursuant to 5 U.S.C. 552a(j)(2) and (k)(2);

(2) to an official of another Federal agency to provide information the agency needs to perform official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains;

(3) to state, local, and tribal governments to provide information in response to a court order or litigation discovery requests;

(4) to the Office of Management and Budget during legislative coordination and clearance as mandated by OMB Circular A-19;

(5) to the Department of the Treasury to recover debts owed to the United States;

(6) to the Department of Justice, the Federal Bureau of Investigation, the Department of Homeland Security, and other Federal, state and local law enforcement agencies to refer potential insider threats to them and exchange information on insider threat activity;

(7) to any criminal, civil, or regulatory authority (whether Federal, state, territorial, local, or tribal) to provide background search information on individuals for legally authorized purposes, including but not limited to background checks on individuals residing in a home with a minor or individuals seeking employment opportunities requiring background checks;

(8) to appropriate agencies, entities, and people when (1) we suspect or confirm that there has been a breach of the system of records, (2) we determine that, as a result of the suspected or confirmed breach, there is a risk of harm to individuals, NARA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and people is reasonably necessary to assist our efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm;

(9) to another Federal agency or Federal entity, when we determine that information from this system of records is reasonably necessary to assist the recipient agency or entity to (1) respond to a suspected or confirmed breach or (2) prevent, minimize, or remedy the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach; and

(10) routine uses A, B, C, D, E, F, G, and I listed in Appendix A (78 FR 77255, 77287) also apply to this system.


STORAGE: Paper and electronic records.

RETRIEVABILITY: Staff may retrieve information in these records by the employee's name, social security number, by search, or by any available field or metadata element recorded in the system.

SAFEGUARDS:  During normal hours of operation, we maintain paper records in areas accessible only by authorized NARA personnel. Authorized NARA personnel access electronic records via password-protected workstations located in attended offices or through a secure remote access network. After hours, buildings have security guards or secured doors, and electronic surveillance equipment monitors all entrances.

Access to records containing particularly sensitive or protected information, including information from special access programs, law enforcement, inspector general, or other investigative sources or programs, requires additional approval by the senior NARA official responsible for managing and overseeing the program.

RETENTION AND DISPOSAL: NARA insider threat program records are unscheduled records; NARA therefore retains them until the Archivist of the United States approves dispositions for them. We anticipate a General Records Schedule item for Insider Threat Records will be issued for Government-wide use.


The system manager for insider threat program records is the Chief Operating Officer.  The business addresses for these system managers are listed in Appendix B.

NOTIFICATION PROCEDURE: People interested in inquiring about their records should notify the NARA Privacy Act Officer at the address listed in Appendix B. However, we exempt portions of this system from the notification procedures of the Privacy Act, pursuant to sections (j)(2) and (k)(2). 

RECORD ACCESS PROCEDURES: People who wish to access their records should submit a request in writing to the NARA Privacy Act Officer at the address given in Appendix B. However, we exempt portions of this system from the access procedures of the Privacy Act, pursuant to sections (j)(2) and (k)(2).

CONTESTING RECORD PROCEDURES: NARA rules for contesting the contents of a person's records and appealing initial determinations are found in 36 CFR part 1202. However, we exempt portions of this system from the amendment procedures of the Privacy Act, pursuant to sections (j)(2) and (k)(2).

RECORD SOURCE CATEGORIES:   We may obtain or derive information in the system from:

(1) NARA office and program officials, employees, contractors, and other individuals associated with or representing NARA;

(2) relevant NARA and contractor records, databases, and files, including: Personnel security files, human resources files, facility access records, telephone usage records, user activity monitoring information, Office of the Chief Information Officer and information assurance files, Inspector General records, security incident or violation files, network security records, investigatory records, visitor records, travel records, foreign visitor or contact reports, and financial disclosure reports;

(3) other NARA Privacy Act systems of records, which include: NARA 8: Restricted and Classified Records Access Authorization Files; NARA 11: Credentials and Passes; NARA 12: Emergency Notification Files and Employee Contact Information; NARA 14: Payroll, Attendance, Leave, Retirement, Benefits, and Electronic Reporting System Records; NARA 17: Grievance Records; NARA 18: General Law Files; NARA 19: Workers' Compensation Case Files; NARA 22: Employee-Related Files; NARA 23: Office of Inspector General Investigative Case Files; NARA 24: Personnel Security Files; NARA 27: Contracting Officer and Contracting Officer's Representative (COR) Designation Files; NARA 28: Tort and Employee Claim Files; NARA 30: Garnishment Files; NARA 32: Alternate Dispute Resolution Files; NARA 34: Agency Ethics Program Files; and NARA 43: Internal Collaboration Network (ICN);

(4) responses to information requested by official questionnaires (e.g., SF 86, Questionnaire for National Security Positions);

(5) external sources including security databases and files; officials and records from other Federal, tribal, territorial, state, and local government organizations; special access programs, law enforcement, inspector general, or other investigative sources or programs; and other agency reports furnished to NARA or that we collect in connection with personnel security investigations, continuous evaluation for eligibility for access to classified information, and its insider threat detection program; and

(6) publicly available information.


Return to NARA Privacy Act Systems Inventory