Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/National Protection and Programs Directorate-002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records
Notice Of Proposed Rulemaking.
The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the Department of Homeland Security/National Protection and Programs Directorate—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.
Table of Contents Back to Top
- FOR FURTHER INFORMATION CONTACT:
- SUPPLEMENTARY INFORMATION:
- I. Background
- II. Privacy Act
- List of Subjects in 6 CFR Part 5
- PART 5—DISCLOSURE OF RECORDS AND INFORMATION
- Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act
DATES: Back to Top
Comments must be received on or before July 14, 2011.
ADDRESSES: Back to Top
You may submit comments, identified by docket number DHS-2011-0033, by one of the following methods:
- Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- Fax: 703-483-2999.
- Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
- Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
- Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.
Instructions: All submissions received must include the agency name and docket number for this notice. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Back to Top
For general questions please contact: Emily Andrew (703-235-2182), Privacy Officer, National Protection and Programs Directorate, Department of Homeland Security, Washington, DC 20528. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION: Back to Top
I. Background Back to Top
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD) proposes to establish a DHS system of records titled, “DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records.”
On October 4, 2006, the President signed the DHS Appropriations Act of 2007 (the Act), Public Law 109-295. Section 550 of the Act (Section 550) provides DHS with the authority to regulate the security of high-risk chemical facilities. DHS has promulgated regulations implementing Section 550, the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR part 27.
Section 550 requires that DHS establish Risk Based Performance Standards (RBPS) as part of CFATS. RBPS-12 (6 CFR 27.230(a)(12)(iv)) requires that regulated chemical facilities implement “measures designed to identify people with terrorist ties.” The ability to identify individuals with terrorist ties is an inherently governmental function and requires the use of information held in government-maintained databases, which are unavailable to high-risk chemical facilities. Therefore, DHS is implementing the CFATS Personnel Surety Program, which will allow chemical facilities to comply with RBPS-12 by implementing “measures designed to identify people with terrorist ties.”
The CFATS Personnel Surety Program will work with the DHS Transportation Security Administration (TSA) to identify individuals who have terrorist ties by vetting information submitted by each high-risk chemical facility against the Terrorist Screening Database (TSDB). The TSDB is the Federal government's consolidated and integrated terrorist watchlist of known and suspected terrorists, maintained by the Department of Justice (DOJ) Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC). For more information on the TSDB, see DOJ/FBI—019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007).
High-risk chemical facilities or their designees will submit the information of: (1) Facility personnel who have or are seeking access, either unescorted or otherwise, to restricted areas or critical assets; and (2) unescorted visitors who have or are seeking access to restricted areas or critical assets. These persons, about whom high-risk chemical facilities and facilities' designees will submit information to DHS, are referred to in this notice as “affected individuals.” Individual high-risk facilities may classify particular contractors or categories of contractors either as “facility personnel” or as “visitors.” This determination should be a facility-specific determination, and should be based on facility security, operational requirements, and business practices.
Information will be submitted to DHS/NPPD through the Chemical Security Assessment Tool (CSAT), the online data collection portal for CFATS. The high-risk chemical facility or its designees will submit the information of affected individuals to DHS through CSAT. The submitters of this information (“Submitters”) for each high-risk chemical facility will also affirm, to the best of their ability, that the information is: (1) True, correct, and complete; and (2) collected and submitted in compliance with the facility's Site Security Plan (SSP) or Alternative Security Program (ASP), as reviewed and authorized and/or approved in accordance with 6 CFR 27.245. The Submitter(s) of each high-risk chemical facility will also affirm that, in accordance with their Site Security Plans, notice required by the Privacy Act of 1974, 5 U.S.C. § 552a, has been given to affected individuals before their information is submitted to DHS.
DHS will send a verification of receipt to the Submitter(s) of each high-risk chemical facility when a high-risk chemical facility: (1) Submits information about an affected individual for the first time; (2) submits additional, updated, or corrected information about an affected individual; and/or (3) notifies DHS that an affected individual no longer has or is seeking access to that facility's restricted areas or critical assets.
Upon receipt of each affected individual's information in CSAT, DHS/NPPD will send a copy of the information to DHS/TSA. Within DHS/TSA, the Office of Transportation Threat Assessment and Credentialing (TTAC) conducts vetting against the TSDB for several DHS programs. DHS/TSA/TTAC will compare the information of affected individuals collected by DHS (via CSAT) to information in the TSDB. DHS/TSA/TTAC will forward potential matches to the DOJ/FBI/TSC, which will make a final determination of whether an individual's information is identified as a match to a record in the TSDB.
In certain instances, DHS/NPPD may contact a high-risk chemical facility to request additional information (e.g., visa information) pertaining to particular individuals in order to clarify suspected data errors or resolve potential matches (e.g., in situations where an affected individual has a common name). Such requests will not imply, and should not be construed to indicate, that an individual's information has been confirmed as a match to a TSDB record.
DHS/NPPD may also conduct data accuracy reviews and audits as part of the CFATS Personnel Surety Program. Such reviews may be conducted on random samples of affected individuals. To assist with this activity, DHS/NPPD may request information pertaining to affected individuals, previously provided to DHS/NPPD by high-risk chemical facilities, in order to confirm the accuracy of that information.
Consistent with the Department's information sharing mission, information stored in the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records may be shared with other DHS components, as well as appropriate Federal, state, local, Tribal, foreign, or international government agencies. This sharing will only take place after DHS determines that the receiving component or agency has a need to know the information to carry out national security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses set forth in this system of records notice.
II. Privacy Act Back to Top
The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States government collects, maintains, uses, and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. Individuals may request their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR part 5.
The Privacy Act requires each agency to publish in the Federal Register a description denoting of the type and character of each system of records that the agency maintains, and the routine uses made of records in each system. These requirements exist in order to make agency recordkeeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist individuals in finding records containing information about them.
The Privacy Act allows government agencies to exempt certain records from the access and amendment provisions of the Privacy Act. If an agency claims exemptions from Privacy Act requirements, however, it must issue a Notice of Proposed Rulemaking (NPRM), followed by a Final Rulemaking, to make clear to the public the reasons for claiming particular exemptions.
DHS is claiming exemptions from certain requirements of the Privacy Act for the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records. Some information in the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records may contain records or information recompiled from or created from information contained in the DOJ/FBI—019 Terrorist Screening Records System, 72 FR 47073 (August 22, 2007). Therefore, some information contained in the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records relates to national security, law enforcement, and intelligence. These exemptions are needed to protect this information from disclosure to subjects or others related to these activities. Specifically, the exemptions are required to preclude subjects of these activities from frustrating these activities; to avoid disclosure of activity techniques; to protect the identities and physical safety of confidential informants and law enforcement personnel; to ensure the Department's ability to obtain information from third parties and other sources; to protect the privacy of third parties; to safeguard classified information; and to safeguard records. Disclosure of information to the subject of an inquiry could also permit the subject to avoid detection or apprehension.
The exemptions proposed here are standard law enforcement and national security exemptions exercised by a large number of Federal law enforcement and intelligence agencies. In appropriate circumstances, where compliance would not appear to interfere with or adversely affect the law enforcement purposes of this system and the overall law enforcement process, the applicable exemptions may be waived on a case by case basis.
A system of records notice for the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records is also published in this issue of the Federal Register.
- Freedom of information; Privacy
For the reasons stated in the preamble, DHS proposes to amend Chapter I of Title 6, Code of Federal Regulations, as follows:
PART 5—DISCLOSURE OF RECORDS AND INFORMATION Back to Top
1. The authority citation for Part 5 continues to read as follows:
2. Add at the end of Appendix C to Part 5, the following new paragraph “<54>”:
Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act Back to Top
* * * * *
<54>. The DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records consists of electronic and paper records and will be used by DHS. The DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records is a repository of information held by DHS in connection with its several and varied missions and functions including, but not limited to, the enforcement of civil and criminal laws; investigations, inquiries, and proceedings there under; national security and intelligence activities. The DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records contains information that is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, state, local, Tribal, foreign, or international government agencies.
The Secretary of Homeland Security is publishing a notice of proposed rulemaking, proposing to exempt this system from the following provisions of the Privacy Act, subject to the limitation set forth therein: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). These exemptions are made pursuant to 5 U.S.C. 552a(k)(1) and (k)(2).
In addition to records under the control of DHS, the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records may include records originating from systems of records of other law enforcement and intelligence agencies, which may be exempt from certain provisions of the Privacy Act. DHS does not, however, assert exemption from any provisions of the Privacy Act with respect to information submitted by high-risk chemical facilities.
To the extent the DHS/NPPD—002 Chemical Facility Anti-Terrorism Standards Personnel Surety Program System of Records contains records originating from other systems of records, DHS will rely on the exemptions claimed for those records in the originating systems of records. Exemptions from these particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, for the following reasons:
(a) From subsection (c)(3) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest, on the part of DHS as well as the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension, which would undermine the entire investigative process.
(b) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of that investigation and reveal investigative interest on the part of DHS or another agency. Access to the records could permit the individual who is the subject of a record to impede the investigation, to tamper with witnesses or evidence, and to avoid detection or apprehension. Amendment of the records could interfere with ongoing investigations and law enforcement activities and would impose an unreasonable administrative burden by requiring investigations to be continually reinvestigated. In addition, permitting access and amendment to such information could disclose security-sensitive information that could be detrimental to homeland security.
(c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of Federal law, the accuracy of information obtained or introduced occasionally may be unclear, or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.
(d) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency Requirements) and (f) (Agency Rules), because portions of this system are exempt from the individual access provisions of subsection (d) for the reasons noted above, and therefore DHS is not required to establish requirements, rules, or procedures with respect to such access. Providing notice to individuals with respect to existence of records pertaining to them in the system of records or otherwise setting up procedures pursuant to which individuals may access and view records pertaining to themselves in the system would undermine investigative efforts and reveal the identities of witnesses, and potential witnesses, and confidential informants.
Dated: June 6, 2011.
Mary Ellen Callahan
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-14386 Filed 6-13-11; 8:45 am]
BILLING CODE 9110-9P-P