9500-01
OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE
Privacy Act of 1974; System of Records
AGENCY: Office of the Director of National Intelligence (ODNI).
ACTION: Notice of a revised system of records.
SUMMARY: Pursuant to the Privacy Act of 1974 (hereafter Privacy Act) and Office of Management
and Budget (OMB) Circular No. A-108, notice is hereby given that the Office of Civil Liberties,
Privacy, and Transparency (CLPT), an office within the Office of the Director of National Intelligence
(ODNI), is revising the system of records titled “Civil Liberties and Privacy Office Complaint Records
(ODNI–14).” This revision accounts for requirements pursuant to Executive Order 14086, Enhancing
Safeguards for United States Signals Intelligence Activities, to include updating text related to covered
individuals, routine uses, authorities, and records sources. It further adds an update to the CLPT office
name to reflect its transparency mission.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is effective upon publication,
subject to a 30-day period in which to comment on the routine uses, described below. Please submit
any comments by [INSERT DATE 30 DAYS AFTER DATE OF PUBLICATION IN THE
FEDERAL REGISTER].
ADDRESSES: You may submit comments by any of the following methods:
•

Federal Rulemaking Portal: http://www.regulations.gov.

•

Email: transparency@dni.gov.

•

Mail: Director, Information Management Office, Chief Operating Officer, ODNI, Washington,
DC 20511.

FOR FURTHER INFORMATION CONTACT: Director, Information Management Office, Chief
Operating Officer, Office of the Director of
National Intelligence, at the addresses provided above.

SUPPLEMENTARY INFORMATION: The ODNI Civil Liberties Protection Officer (CLPO) leads
CLPT, which is responsible for ODNI-14. ODNI-14 enables authorized CLPT personnel to track,
review, and, as appropriate, investigate complaints of civil liberties or privacy violations in the conduct
of programs and activities by ODNI or Intelligence Community (IC) elements. ODNI-14 provides
notice on the maintenance of records relevant to CLPT’s duties under section 103D of the National
Security Act of 1947, as amended, 50 U.S.C. 103D, 401–442; Section 1062 of the Intelligence Reform
and Terrorism Prevention Act (IRTPA) of 2004; Executive Order 12333, as amended (73 FR 45325);
Executive Order 12958, as amended (68 FR 15315); Executive Order 12968, as amended (73 FR
38103); and Executive Order 14086 (87 FR 62283).

With this notice, CLPT revises ODNI-14 to include CLPO obligations under Executive Order 14086.
Executive Order 14086, published on 7 October 2022, establishes a redress mechanism that authorizes
the CLPO to investigate, review, and, as necessary, order appropriate remediation for qualifying
complaints transmitted by an appropriate public authority in a qualifying state concerning United States
signals intelligence activities for any covered violation of United States law.

Executive Order 14086 defines a “qualifying complaint” as a complaint, submitted in writing, that
alleges a covered violation has occurred that pertains to personal information of or about the
complainant, a natural person, reasonably believed to have been transferred to the United States from a
qualifying state. Complaints must be filed through the appropriate public authority in a “qualifying
state,” which is a country or regional economic integration organization designated as a qualifying state
by the Attorney General under section 3(f) of Executive Order 14086.

Executive Order 14086 requires that the CLPO review information necessary to investigate a
qualifying complaint. Intelligence Community Directive (ICD) 126, Implementation Procedures for the
Signals Intelligence Redress Mechanism under Executive Order 14086, requires the CLPO to conduct

an initial review of the complaint to assess whether the complaint meets the criteria to be a qualifying
complaint, including that the appropriate public authority in a qualifying state verified the identity of
the complainant. While the CLPO shall rely on the appropriate public authority’s verification, ICD 126
states that the CLPO may request additional information from the appropriate public authority. ICD
126 requires the CLPO to provide written notification to the appropriate public authority as to the
CLPO’s determination whether that the complaint was qualifying or not. ICD 126 requires the CLPO to
provide the Department of Commerce and the Data Protection Review Court (DPRC), as established by
the Attorney General, an unclassified record regarding each qualifying complaint that provides only the
identity of the complainant, the appropriate public authority that transmitted the qualifying complaint,
and the date when the qualifying complaint was transmitted to the CLPO.

To investigate and review a qualifying complaint, Executive Order 14086 requires elements of the IC
to provide the CLPO with access to information necessary to conduct the required review. IC elements’
privacy and civil liberties officials shall also support the CLPO as the CLPO performs its reviews.

Executive Order 14086 further requires that the CLPO provide a classified report on information
indicating a violation of any authority subject to the oversight of the Foreign Intelligence Surveillance
Court to the Assistant Attorney General for National Security. Additionally, the CLPO shall maintain
appropriate documentation of its review of the qualifying complaint; produce a classified determination
explaining the basis for its factual findings, whether a covered violation occurred, and the appropriate
remediation in the event of a violation, consistent with statutory and delegated authority; and prepare a
classified ex parte record of review consisting of the appropriate documentation of its review and the
classified decision.

Executive Order 14086 requires that, after completing the review, the CLPO inform the complainant,
through the appropriate public authority in a qualifying state and without confirming or denying that

the complainant was subject to United States signals intelligence activities, that:
(1) the review either did not identify any covered violations or the CLPO issued a determination
requiring appropriate remediation;
(2) the complainant or an IC element may apply for review of the CLPO’s determinations by the
DPRC; and
(3) if either the complainant or an IC element applies for review by the DPRC, a special advocate
will be selected by the DPRC to advocate regarding the complainant’s interest in the matter.

The CLPO is further required to provide any necessary support to the DPRC. Executive Order 14086
also requires elements of the IC to provide the CLPO with access to information necessary to respond
to a request from the DPRC for information to conduct its review of the CLPO’s determination.

Executive Order 14086 requires the Department of Commerce to contact elements of the IC regarding
whether information relating to the CLPO’s and the DPRC’s reviews of qualifying complaints has been
declassified; the CLPO will engage with the Department of Commerce to facilitate its declassification
inquiry.

Executive Order 14086 encourages, consistent with applicable law, the Privacy and Civil Liberties
Oversight Board (PCLOB) to conduct an annual review of the processing of qualifying complaints by
the CLPO and DPRC. The CLPO and elements of the IC are required to provide the PCLOB with
access to information necessary to conduct the PCLOB’s review.

SYSTEM NAME AND NUMBER:
Office of Civil Liberties, Privacy, and Transparency Complaint Records (ODNI–14).

SECURITY CLASSIFICATION:

The classification of records in this system can range from UNCLASSIFIED to TOP SECRET.

SYSTEM LOCATION:
Office of Civil Liberties, Privacy, and Transparency, Office of the Director of National Intelligence,
Washington, DC 20511.

SYSTEM MANAGER(S):
Civil Liberties Protection Officer c/o Director, Information Management, Office of the Director of
National Intelligence, Washington, DC 20511.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The National Security Act of 1947, as amended, 50 U.S.C. 401–442; the Intelligence Reform and
Terrorism Prevention Act (IRTPA) of 2004, 42 U.S.C 2000ee–1; Executive Order 12333, as amended
(73 FR 45325); Executive Order 12958, as amended (68 FR 15315); Executive Order 12968, as
amended (73 FR 38103); and Executive Order 14086 (87 FR 62283).

PURPOSES OF THE SYSTEM:
Records in this system are used by authorized personnel of the Office of Civil Liberties, Privacy, and
Transparency (CLPT) within the Office of the Director of National Intelligence (ODNI) to track,
review, and, as appropriate, investigate complaints of civil liberties or privacy violations in the conduct
of programs and activities by ODNI or IC elements. This includes complaints submitted pursuant to the
Executive Order 14086 redress mechanism to the CLPO and to the Data Protection Review Court for
review. Records in this system are also used, as appropriate, to:
(1) Manage general correspondence to and from CLPT, including correspondence or reports
expressing opinions or complaints, raising questions or concerns, or providing other
information;

(2) Track and report data, conduct research and statistical analysis, and evaluate program
effectiveness; and
(3) Maintain records for oversight and auditing purposes and to ensure appropriate handling and
management as required by law and policy.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
•

Current and former ODNI staff and staff of the IC elements, including military and civilian
personnel detailed to ODNI or IC elements; contract employees, including personal services
independent contractors and industrial contractors; and members of the public who allege
violations of civil liberties or privacy arising from the programs and activities of ODNI or IC
elements, including under Executive Order 14086.

•

Individuals who may be relevant to or have information relevant to the allegation of a violation
of civil liberties or privacy.

•

Staff of the Department of Justice, including the Office of Privacy and Civil Liberties and the
National Security Division; the DPRC; the Department of Commerce; the PCLOB; and the
appropriate public authorities in a qualifying state related to the redress process pursuant to
Executive Order 14086.

CATEGORIES OF RECORDS IN THE SYSTEM:
Records alleging violations of civil liberties or privacy arising from the programs and activities of
ODNI or IC elements, and records of review, investigation, acknowledgment or disposition of
allegations received. This also includes records to facilitate the Executive Order 14086 redress
mechanism, such as: (i) personal information received from individual complainants; (ii) a record of
determination whether the complaint is qualifying for investigation under Executive Order 14086 or
other authority; (iii) information received from IC elements relating to complaints; (iv) information
regarding communications between the CLPO, IC elements, and relevant personnel, to include those of

the Department of Justice, the DPRC, Department of Commerce, the PCLOB, and the appropriate
public authorities in a qualifying state.

RECORD SOURCE CATEGORIES:
Records will be obtained from individuals submitting complaints either directly to CLPT or through an
appropriate public authority; relevant records from IC elements; records developed by CLPT during the
review and investigation process; and records developed by the DPRC, the Department of Justice, and
the Department of Commerce.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a
portion of the records or information contained in this system may be disclosed outside ODNI as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To an appropriate federal, state, territorial, tribal, or local law enforcement authority, foreign
government or international law enforcement authority, or to an appropriate regulatory body
charged with investigating, enforcing, or prosecuting such violations when a record on its face
or in conjunction with other information indicates or relates to a violation or potential violation
of law, whether civil, criminal, administrative or regulatory in nature, and whether arising by
general statute, particular program statute, regulation, rule or order issued pursuant thereto.

B. To an administrative law judge, or to the presiding official of an administrative board, panel or
other administrative body when a record is required to be presented in the course of proceedings
or as evidence and with appropriate protections for further disclosure in place.

C. To any component of the Department of Justice or any other entity responsible for representing
the interests of ODNI in connection with potential or actual civil, criminal, administrative,
judicial or legislative proceedings or hearings, for the purpose of representing or providing
advice to: ODNI; any staff of ODNI in their official capacity; any staff of ODNI in their
individual capacity where the staff has submitted a request for representation by the United
States or for reimbursement of expenses associated with retaining counsel; or the United States
or another federal agency, when the United States or the agency is a party to such proceeding
and the record is relevant and necessary to such proceeding.

D. In a proceeding before a court, magistrate, special master, or adjudicative body when any of the
following is a party to litigation or has an interest in such litigation, and the ODNI, Office of
General Counsel, determines that use of such records is relevant and necessary to the litigation:
ODNI; any staff of ODNI in their official capacity; any staff of ODNI in their individual
capacity where the Department of Justice has agreed to represent the staff or has agreed to
provide counsel at government expense; or the United States or another federal agency, where
the ODNI, Office of General Counsel, determines that litigation is likely to affect ODNI.

E. To Department of Justice and other U.S. Government entities, to the extent necessary to obtain
advice on any matter within the official responsibilities of such representatives and the
responsibilities of ODNI and determined by ODNI to be relevant and necessary to the request
for advice.

F. To a Member of Congress or congressional staffer in response to an inquiry from that Member
of Congress or congressional staffer made at the written request of the individual who is the
subject of the record.

G. To any agency, organization, or individual for authorized audit operations, and for meeting
related reporting requirements, including disclosure to the National Archives and Records
Administration for records management inspections and such other purposes conducted under
the authority of 44 U.S.C. 2904 and 2906, or successor provisions.

H. To the President’s Intelligence Advisory Board, the President’s Intelligence Oversight Board, to
any successor organizations, and to any intelligence oversight entity established by the
President, and to the PCLOB when the Office of the General Counsel or the Office of the
Inspector General determines that disclosure is necessary for such entities to perform their
oversight functions and that such disclosure is otherwise lawful.

I. To contractors, grantees, experts, consultants, students, or others performing or working on a
contract, service, grant, cooperative agreement, or other assignment for ODNI when access to
the record is necessary to perform the function or service for which they have been engaged by
ODNI.

J. To former staff of ODNI for the purposes of responding to an official inquiry by a federal, state,
or local government entity or professional licensing authority or facilitating communications
with a former staff of ODNI that may be necessary for personnel-related or other official
purposes when ODNI requires information or consultation assistance, or both, from the former
staff regarding a matter within that person’s former area of responsibility.

K. To foreign, international or multinational security, investigatory, law enforcement, or
administrative authorities in order to comply with requirements imposed by, or to claim rights
conferred in, formal agreements and arrangements.

L. To a federal, state, local, tribal, territorial, foreign, or multinational government agency or
entity, or to other authorized entities or individuals, but only if such disclosure is undertaken in
furtherance of responsibilities conferred by, and in a manner consistent with, the National
Security Act of 1947, as amended; the Counterintelligence Enhancement Act of 2002, as
amended; Executive Order 12333 or any successor order together with its implementing
procedures approved by the Attorney General; and other provisions of law, Executive Order, or
directive relating to national intelligence or otherwise applicable to ODNI. This routine use is
not intended to supplant the other routine uses published by ODNI.

M. To IC elements when a record is related to the redress function under Executive Order 14086,
but only if such disclosure is undertaken in furtherance of responsibilities conferred by, and in a
manner consistent with, that redress function.

N. To the Department of Justice, the Data Protection Review Court, and the Department of
Commerce when a record is related to the redress function under Executive Order 14086 and
the ODNI CLPO has determined the record is necessary and relevant in furtherance of
responsibilities conferred by, and in a manner consistent with, that redress function.

O. To the PCLOB when a record is related to the redress function under Executive Order 14086
and the ODNI CLPO has determined the record is necessary and relevant in furtherance of
responsibilities conferred by, and in a manner consistent with, that redress function.

P. To the appropriate public authorities in a qualifying state when a record is related to the redress
function under Executive Order 14086 and the ODNI CLPO has determined the record is
necessary and relevant in furtherance of responsibilities conferred by, and in a manner

consistent with, that redress function.
Q. A record from this system of records may be disclosed as a routine use to appropriate agencies,
entities, and persons when: (1) ODNI suspects or has confirmed that there has been a breach of
the system of records; (2) ODNI has determined that as a result of the suspected or confirmed
breach there is a risk of harm to individuals, ODNI (including its information systems,
programs, and operations), the federal government, or national security, and; (3) the disclosure
made to such agencies, entities, and persons is reasonably necessary to assist in connection with
the Department's efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.

R. A record from this system of records may be disclosed as a routine use to another Federal
agency or Federal entity, when ODNI determines that information from this system ofrecords is
reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or
confirmed breach or (2) preventing, minimizing, or remedying the risk ofharm to individuals,
the recipient agency or entity (including its information systems, programs, and operations), the
Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Paper and other hard-copy records are stored in secured areas within CLPT offices. Electronic records
are stored in secure file-servers on secure private cloud-based systems that are connected only to a
government network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by name or case number. Information may be retrieved from this system of
records by automated or hand search based on existing indices and automated capabilities utilized in
the normal course of business. All searches of this system of records will be performed in accordance

with Executive Order 14086.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Pursuant to 44 U.S.C. 3303a(d) and 36 CFR chapter 12, subchapter B, part 1226—Implementing
Disposition, records will be disposed of according to the National Archives and Records
Administration’s General Records Schedule item 4.2 065, Privacy Complaint Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information in this system is safeguarded in accordance with prescribed administrative, physical, and
technical safeguards. Records are maintained in a secure government facility with access to the facility
limited to authorized personnel and authorized, escorted visitors. Physical security protections include
guards who review individual’s badges prior to their entry being permitted into the facility and locked
individual offices requiring badges for entry and the use of access codes to open and close the offices
daily. Records are accessed only by authorized government personnel using passwords that must meet
strict security protocols and who hold appropriate security clearances, whose official duties require
access to the records, and who have had ODNI’s required annual training to obtain access to the
computer systems, including privacy training and computer security training. Communications are
encrypted where required and other safeguards are in place to monitor and audit access and to detect
intrusions. System backup is maintained separately.

RECORD ACCESS PROCEDURES:
Particular records in this system have been exempted from certain notification, access, and amendment
procedures. A request for access to non-exempt records shall be made in writing with the envelope and
letter clearly marked “Privacy Act Request.” Each request must provide the requester’s full name and
complete address. The requester must sign the request and have it verified by a notary public.
Alternately, the request may be submitted under 28 U.S.C. 1746, certifying the requester’s identity and

acknowledging that obtaining records under false pretenses constitutes a criminal offense. Requests for
access to information must be addressed to the Director, Information Management, Office of the
Director of National Intelligence, Washington, DC 20511. Regulations governing access to one’s
records or for appealing an initial determination concerning access to records are contained in the
ODNI regulation implementing the Privacy Act.

More information regarding ODNI’s procedures for accessing records in accordance with the Privacy
Act can be found at 28 CFR Part 16 Subpart D, “Access to and Amendment of Individual Records
Pursuant to the Privacy Act of 1974, and Other Privacy Protections.”

CONTESTING RECORD PROCEDURES:
Certain records in this system are exempt from certain notification, access, and amendment procedures.
Individuals seeking to correct or amend non-exempt records should address their requests to ODNI at
the address and according to the requirements set forth above under the heading “Record Access
Procedures.” Regulations governing access to and amendment of one’s records or for appealing an
initial determination concerning access or amendment of records are contained in the ODNI regulation
implementing the Privacy Act, 32 CFR part 1701 (73 FR 16531).

NOTIFICATION PROCEDURES:
Certain records in this system are exempt from certain notification, access, and amendment procedures.
Individuals seeking to learn whether this system contains non-exempt information about them should
address their inquiries to ODNI at the address and according to the requirements set forth above under
the heading “Record Access Procedures.”

EXEMPTIONS CLAIMED FOR THE SYSTEM:
Records alleging violations of civil liberties or privacy arising from the programs and activities of

ODNI or IC elements, including those records generated pursuant to the processes of Executive Order
14086’s redress mechanism, retain their existing exemption from the requirements of subsections
(c)(3);(d)(1), (2), (3), (4); (e)(1) and (e)(4)(G), (H), (I); and (f) of the Privacy Act pursuant to 5 U.S.C.
552a(k)(1), (k)(2), and (k)(5). Records may be exempted from these subsections or additionally from
the requirements of subsections (c)(4); (e)(2), (3), (5), (8), (12); and (g) of the Privacy Act consistent
with any exemptions claimed under 5 U.S.C. 552a(j) or (k) by the originator of the record, provided the
reason for the exemption remains valid and necessary.

HISTORY:
This is a revision to the existing ODNI/Civil Liberties and Privacy Office Complaint Records (ODNI–
14), 75 FR 16866 (April 2, 2010).

In accordance with 5 U.S.C. 552a(r), ODNI has provided a report of this revised system of records to
the Office of Management and Budget and to Congress.

Rebecca J. Richards,
Civil Liberties Protection Officer,
Chief, Civil Liberties, Privacy, and Transparency Office,
Office of the Director of National Intelligence.

BILLING CODE 9500-01-P-P
[FR Doc. 2024-14290 Filed: 6/27/2024 8:45 am; Publication Date: 6/28/2024]