Privacy Act of 1974; Department of Homeland Security/National Protection and Programs Directorate-002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records
Notice Of Privacy Act System Of Records.
In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new system of records notice titled, “Department of Homeland Security/National Protection and Programs Directorate—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records.” This new system of records collects information on individuals,—facility personnel and unescorted visitors—who have or are seeking access to restricted areas and critical assets at high risk chemical facilities and compares this information to the Terrorist Screening Database, the terrorist watchlist maintained by the Federal Bureau of Investigation's Terrorist Screening Center. The Department of Homeland Security is issuing a Notice of Proposed Rulemaking concurrently with this system of records elsewhere in the Federal Register to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements. This newly established system of records will be included in the Department of Homeland Security's inventory of record systems.
Table of Contents Back to Top
- FOR FURTHER INFORMATION CONTACT:
- SUPPLEMENTARY INFORMATION:
- I. Background
- II. Privacy Act
- System of Records
- System name:
- Security classification:
- System location:
- Categories of individuals covered by the system:
- Categories of records in the system:
- Authority for maintenance of the system:
- Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
- Disclosure to consumer reporting agencies:
- Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
- Retention and disposal:
- System manager and address:
- Notification procedure:
- Record access procedures:
- Contesting record procedures:
- Record source categories:
- Exemptions claimed for the system:
DATES: Back to Top
Submit comments on or before July 14, 2011. This system will be effective July 14, 2011.
ADDRESSES: Back to Top
You may submit comments, identified by docket number [DHS-2011-0032] by one of the following methods:
- Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- Fax: 703-483-2999.
- Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
- Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
- Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Back to Top
For general questions please contact: Emily Andrew (703-235-2182), Privacy Officer, National Protection and Programs Directorate, Department of Homeland Security, Washington, DC 20528. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION: Back to Top
I. Background Back to Top
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD) proposes to establish a DHS system of records titled, “DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records.”
On October 4, 2006, the President signed the DHS Appropriations Act of 2007 (the Act), Public Law 109-295. Section 550 of the Act (Section 550) provides DHS with the authority to regulate the security of high-risk chemical facilities. DHS has promulgated regulations implementing Section 550, the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR part 27.
Section 550 requires that DHS establish Risk Based Performance Standards (RBPS) as part of CFATS. RBPS-12 (6 CFR 27.230(a)(12)(iv)) requires that regulated chemical facilities implement “measures designed to identify people with terrorist ties.” The ability to identify individuals with terrorist ties is an inherently governmental function and requires the use of information held in government-maintained databases, which are unavailable to high-risk chemical facilities. Therefore, DHS is implementing the CFATS Personnel Surety Program, which will allow chemical facilities to comply with RBPS-12 by implementing “measures designed to identify people with terrorist ties.”
The CFATS Personnel Surety Program will work with the DHS Transportation Security Administration (TSA) to identify individuals who have terrorist ties by vetting information submitted by each high-risk chemical facility against the Terrorist Screening Database (TSDB). The TSDB is the Federal government's consolidated and integrated terrorist watchlist of known and suspected terrorists, maintained by the Department of Justice (DOJ) Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC). For more information on the TSDB, see DOJ/FBI—019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007).
High-risk chemical facilities or their designees will submit the information of: (1) Facility personnel who have or are seeking access, either unescorted or otherwise, to restricted areas or critical assets; and (2) unescorted visitors who have or are seeking access to restricted areas or critical assets. These persons, about whom high-risk chemical facilities and facilities' designees will submit information to DHS, are referred to in this notice as “affected individuals.” Individual high-risk facilities may classify particular contractors or categories of contractors either as “facility personnel” or as “visitors.” This determination should be a facility-specific determination, and should be based on facility security, operational requirements, and business practices.
Information will be submitted to DHS/NPPD through the Chemical Security Assessment Tool (CSAT), the online data collection portal for CFATS. The high-risk chemical facility or its designees will submit the information of affected individuals to DHS through CSAT. The submitters of this information (“Submitters”) for each high-risk chemical facility will also affirm, to the best of their knowledge, that the information is: (1) True, correct, and complete; and (2) collected and submitted in compliance with the facility's Site Security Plan (SSP) or Alternative Security Program (ASP), as reviewed and authorized and/or approved in accordance with 6 CFR 27.245. The Submitter(s) of each high-risk chemical facility will also affirm that, in accordance with their Site Security Plans, notice required by the Privacy Act of 1974, 5 U.S.C. § 552a, has been given to affected individuals before their information is submitted to DHS.
DHS will send a verification of receipt to the Submitter(s) of each high-risk chemical facility when a high-risk chemical facility: (1) Submits information about an affected individual for the first time; (2) submits additional, updated, or corrected information about an affected individual; and/or (3) notifies DHS that an affected individual no longer has or is seeking access to that facility's restricted areas or critical assets.
Upon receipt of each affected individual's information in CSAT, DHS/NPPD will send a copy of the information to DHS/TSA. Within DHS/TSA, the Office of Transportation Threat Assessment and Credentialing (TTAC) conducts vetting against the TSDB for several DHS programs. DHS/TSA/TTAC will compare the information of affected individuals collected by DHS (via CSAT) to information in the TSDB. DHS/TSA/TTAC will forward potential matches to the DOJ/FBI/TSC, which will make a final determination of whether an individual's information is identified as a match to a record in the TSDB.
In certain instances, DHS/NPPD may contact a high-risk chemical facility to request additional information (e.g., visa information) pertaining to particular individuals in order to clarify suspected data errors or resolve potential matches (e.g., in situations where an affected individual has a common name). Such requests will not imply, and should not be construed to indicate that an individual's information has been confirmed as a match to a TSDB record.
DHS/NPPD may also conduct data accuracy reviews and audits as part of the CFATS Personnel Surety Program. Such reviews may be conducted on random samples of affected individuals. To assist with this activity, DHS/NPPD may request information pertaining to affected individuals that was previously provided to DHS/NPPD by high-risk chemical facilities, in order to confirm the accuracy of that information.
Consistent with the Department's information sharing mission, information stored in the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records may be shared with other DHS components, as well as appropriate Federal, state, local, Tribal, foreign, or international government agencies. This sharing will only take place after DHS determines that the receiving component or agency has a need to know the information to carry out national security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses set forth in this system of records notice.
Additionally, DHS is issuing a Notice of Proposed Rulemaking (NPRM) concurrently with this system of records, to be published elsewhere in the Federal Register, to exempt portions of the system of records from provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.
This newly established system of records will be included in the Department's inventory of record systems.
II. Privacy Act Back to Top
The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States government collects, maintains, uses, and disseminates individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, individuals are defined to encompass United States citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals where systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR Part 5.
The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to which their records are put, and to assist individuals to more easily find such records within the agency. Below is the description of the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records.
In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress.
System of Records Back to Top
DHS/NPPD—002 Back to Top
DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records.
Unclassified, sensitive, law enforcement sensitive, for official use only, and classified.
Records are maintained at DHS and Component headquarters in Washington, DC, and at field offices.
Categories of individuals covered by the system:
(1) High-risk chemical facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets at high-risk chemical facilities (see 6 CFR 27.230(a)(12));
(2) High-risk chemical facility personnel or designees who contact DHS/NPPD or a Federal law enforcement entity with follow-up questions regarding submission of an individual's information to DHS/NPPD;
(3) Individuals listed in the TSDB against whom potential or confirmed matches have been made; and
(4) Individuals who have been or seek to be distinguished from individuals in the TSDB through redress or other means as a result of the Personnel Surety Program.
Categories of records in the system:
(1) High-risk chemical facilities are required to submit the following information on all facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets:
a. U.S. Citizens and Lawful Permanent Residents
i. Full name;
ii. Date of birth; and
iii. Citizenship or Gender.
b. Non-U.S. persons
i. Full name;
ii. Date of birth;
iii. Citizenship; and
iv. Passport information and/or alien registration number.
(2) To reduce the likelihood of false positives in matching against the TSDB, high-risk chemical facilities may also (optionally) submit the following information on facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets:
b. Gender (for Non-U.S. persons);
c. Place of birth; and
d. Redress Number.
(3) High-risk chemical facilities may submit different information on individuals who maintain DHS screening program credentials or endorsements that require TSDB checks equivalent to the checks to be performed as part of the CFATS Personnel Surety Program. Instead of submitting the information listed in category (1), above, high risk chemical facilities may submit the following information for such individuals:
a. Full name;
b. Date of birth;
c. Name of the DHS program which conducts equivalent vetting against the TSDB, such as the Transportation Worker Identification Credential (TWIC) program or the Hazardous Materials Endorsement (HME) program;
d. Unique number, or other program specific verifying information associated with a DHS screening program, necessary to verify an individual's enrollment, such as TWIC Serial Number for the TWIC program, or Commercial Driver's License (CDL) Number and CDL issuing state(s) for the HME program; and
e. Expiration date of the credential endorsed or issued by the DHS screening program.
This alternative is optional—high-risk chemical facilities may either submit the information listed in category (1) for such individuals, or may submit the information listed in category (3) for such individuals.
(4) When high-risk chemical facilities choose to submit the information listed in category (3), above, they may also (optionally) submit the following information on facility personnel and unescorted visitors who have or are seeking access to restricted areas or critical assets:
b. Place of Birth;
d. Citizenship; and
e. Redress Number.
(5) DHS could collect additional identifying information from a high-risk chemical facility, as necessary to confirm or clear a potential match to a TSDB record. Information collected by high-risk chemical facilities and submitted to DHS for this purpose could include any information listed in categories (1) through (4), passport information, visa information, driver's license information, or other available identifying particulars, used to compare the identity of an individual being screened with information listed in the TSDB;
(6) In the event that a confirmed match is identified as part of the CFATS Personnel Surety Program, in addition to other records listed under the categories of records section of this SORN, DHS will obtain references to and/or information from other government law enforcement and intelligence databases, or other relevant databases that may contain terrorism information;
(7) Information necessary to assist in tracking submissions and transmission of records, including electronic verification that DHS has received a particular record; and
(8) Information provided by individuals covered by this system in support of any redress request, including DHS Redress Numbers and/or any of the above categories of records.
Authority for maintenance of the system:
DHS Appropriations Act of 2007, Section 550, Public Law 109-295, 120 Stat. 1355 (October 4, 2006), as amended; and the Chemical Facility Anti-Terrorism Standards, 6 CFR part 27 (published April 9, 2007), as amended.
Information is collected to identify persons listed in the TSDB, who have or are seeking access to restricted areas or critical assets at high-risk chemical facilities.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (including United States Attorney Offices) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:
1. DHS or any component thereof;
2. Any employee of DHS in his/her official capacity;
3. Any employee of DHS in his/her individual capacity where the Department of Justice or DHS has agreed to represent the employee; or
4. The United States, or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.
B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.
C. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when:
1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;
2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual that relies upon the compromised information; and
3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.
G. To an appropriate Federal, state, Tribal, territorial, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.
H. To Federal, state, local, Tribal, territorial, foreign, multinational, or private sector entities as appropriate to assist in coordination of terrorist threat awareness, assessment, analysis or response.
I. To an appropriate Federal, state, Tribal, local, international, or foreign agency or other appropriate authority regarding individuals who pose, or are suspected of posing a risk to national security.
J. To an appropriate Federal, state, Tribal, local, international, foreign agency, other appropriate governmental entities or authority to:
1. Determine whether an individual is a positive identity match to an identity in the TSDB;
2. Facilitate operational, law enforcement, or intelligence responses, if appropriate, when vetted individuals' identities match identities in the TSDB;
3. Provide information and analysis about terrorist encounters and known or suspected terrorist associates to appropriate domestic and foreign government agencies and officials for counterterrorism purposes; or
4. Perform technical implementation functions necessary for the CFATS Personnel Surety Program.
Disclosure to consumer reporting agencies:
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Records may be maintained at secured government facilities, Federal contractor locations, or locations of other parties that perform functions related to the CFATS Personnel Surety Program. Records are stored on magnetic disc, tape, digital media, and CD-ROM, and may also be retained in hard copy format in secure file folders or safes.
Records are retrievable by searching any of the categories of records listed above. Records may also be retrievable by relevant chemical facility name, chemical facility location, chemical facility contact information, and by other facility-specific data points.
Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer systems containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.
Retention and disposal:
A proposed schedule for the retention and disposal of records collected under the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records is being developed by the DHS and NPPD Offices of Records Management for approval by the National Archives and Records Administration (NARA).
The length of time DHS/NPPD will retain information on individuals will be dependent on individual TSDB vetting results. Specifically, individuals' information will be retained as described below, based on the individuals' placements into three categories:
(1) Information pertaining to an individual who is not a potential or confirmed match to a TSDB record will be retained for one year after a high-risk chemical facility has notified NPPD that the individual no longer has or is seeking access to the restricted areas or critical assets of the facility;
(2) Information pertaining to an individual who may originally have appeared to be a match a TSDB record, but who was subsequently determined not to be a match, will be retained for seven years after completion of TSDB matching, or one year after the high-risk chemical facility that submitted that individual's information has notified DHS/NPPD that the individual no longer has or is seeking access to the restricted areas or critical assets of the facility, whichever is later; and
(3) Information pertaining to an individual who is a positive match to a TSDB record will be retained for ninety-nine years after completion of matching activity, or seven years after DHS/NPPD learns that the individual is deceased, whichever is earlier.
DHS/TSA/TTAC will maintain records within its possession in accordance with the DHS/TSA-002—Transportation Security Threat Assessment System of Records, 75 FR 28046 (May 19, 2010). DHS/CBP will maintain records in its possession in accordance with the DHS/CBP-002—Global Enrollment System of Records, 71 FR 20708 (April 21, 2006).
DHS/NPPD will also retain records to conduct inspections or audits under 6 CFR 27.245 and 6 CFR 27.250 to ensure that high-risk chemical facilities are in compliance with CFATS. These records could include the names of individuals with access to high-risk chemical facilities' restricted areas and critical assets, the periods of time during which high-risk chemical facilities indicate that such individuals have/had access, and any other information listed elsewhere in this notice, as appropriate.
The retention periods for these records provide reasonable amounts of time for law enforcement, intelligence, or redress matters involving individuals who have or are seeking access to restricted areas or critical assets at high-risk chemical facilities.
System manager and address:
CFATS Personnel Surety Program Manager, 250 Murray Lane, SW., Mail Stop 0610, Washington, DC 20528.
The Secretary of Homeland Security is proposing to exempt this system from the notification, access, and amendment procedures of the Privacy Act. DHS/NPPD, however, will consider individual requests to determine whether or not information may be released. Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the DHS/NPPD Freedom of Information Act (FOIA) Officer, whose contact information can be found at http://www.dhs.gov/foia under “contacts.”
When seeking records about yourself from this system of records or any other Department system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address, and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should provide the following:
- An explanation of why you believe the Department would have information about you;
- Identify which component(s) of the Department you believe may have the information about you;
- Specify when you believe records containing information about you would have been created;
- Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records; and
- If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.
Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.
Record access procedures:
See “Notification procedure” above.
Contesting record procedures:
See “Notification procedure” above.
Record source categories:
Information is primarily obtained from high-risk chemical facilities and their designees. High-risk chemical facilities shall provide notice to each affected individual prior to submission of the affected individual's information to DHS/NPPD. This will include notice that additional information may be requested after the initial submission. Information may also be obtained from other DHS programs when DHS verifies enrollment of an affected individual in another vetting or credentialing program. Information may also be obtained from the DOJ/FBI—019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007), or from other FBI sources.
Exemptions claimed for the system:
Concurrently with publication of this system of records notice, the Secretary of Homeland Security is publishing a notice of proposed rulemaking proposing to exempt this system from the following provisions of the Privacy Act, subject to the limitations set forth therein: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). These exemptions are made pursuant to 5 U.S.C. 552a(k)(1) and (k)(2).
Further, DHS derivatively claims some exemptions for this system of records because it may contain records or information recompiled from or created from information contained in the TSDB. For more information on the FBI's Terrorist Screening Records System, see DOJ/FBI—019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007).
DHS does not claim any exemptions for the information high-risk chemical facilities (or their designees) submit to DHS as part of this system of records.
Dated: June 6, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-14383 Filed 6-13-11; 8:45 am]
BILLING CODE 9110-9P-P