Privacy Act of 1974; Department of Homeland Security/ALL-001 Freedom of Information Act and Privacy Act Records System of Records
Notice Of Privacy Act System Of Records.
Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a), the Department of Homeland Security (“Department” or “DHS”) proposes to modify the current Department of Homeland Security system of records notice titled, “Department of Homeland Security/ALL—001 Freedom of Information Act and Privacy Act Records System of Records,” last published October 28, 2009. This system of records allows the Department of Homeland Security to collect and maintain records about Freedom of Information Act (FOIA) and Privacy Act requests and appeals submitted to the Department, including any litigation that may result therefrom, information on Mandatory Declassification Reviews, and information that is created and used in the Department's management of the FOIA and Privacy Act programs. As a result of the biennial review of this system, (1) the location of certain records has been updated, (2) categories of records has been updated to clarify that responses are included, (3) five routine uses have been added, and (4) six routine uses have been modified. Additionally, this Notice includes non-substantive changes to simplify the formatting and the text of the previously published Notice. The entire notice is being republished for ease of reference. This updated system will be included in the Department of Homeland Security's inventory of record systems.
Table of Contents Back to Top
- FOR FURTHER INFORMATION CONTACT:
- SUPPLEMENTARY INFORMATION:
- I. Background
- II. Privacy Act
- System of Records
- System name:
- Security classification:
- System location:
- Categories of individuals covered by the system:
- Categories of records in the system:
- Authority for maintenance of the system:
- Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
- Disclosure to consumer reporting agencies:
- Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
- Retention and disposal:
- System Manager and address:
- Notification procedure:
- Record access procedures:
- Contesting record procedures:
- Record source categories:
- Exemptions claimed for the system:
DATES: Back to Top
Submit comments on or before March 6, 2014. This updated system will be effective March 6, 2014.
ADDRESSES: Back to Top
You may submit comments, identified by docket number DHS-2013-0066 by one of the following methods:
- Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- Fax: 202-343-4010.
- Mail: Karen L. Neuman, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Back to Top
For general questions and privacy issues please contact: Karen L. Neuman (202-343-1717), Chief Privacy Officer and Chief Freedom of Information Act Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION: Back to Top
I. Background Back to Top
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) proposes to modify a current DHS system of records titled “DHS/ALL—001 Freedom of Information Act and Privacy Act Records System of Records,” 74 FR 55572 (October 28, 2009).
As part of its biennial review process, DHS is updating and reissuing this system of records notice to reflect a change in the location of records to include the use of electronic FOIA tracking systems by DHS and its components, and because routine uses are being updated to permit additional sharing. Categories of records have been updated to include responses to requests. Routine use (L) has been added to permit sharing with National Archives and Records Administration (NARA), Office of Government Information Services (OGIS) so those agencies can review administrative policies, procedures, and compliance, and to facilitate resolutions to disputes between persons making Freedom of Information Act (FOIA) requests and DHS. Routine use (M) has been added to allow information to be shared with a court, magistrate, or administrative tribunal in the course of presenting evidence, litigation, or settlement negotiations, or in response to a subpoena, or in connection with criminal law proceedings. Routine use (N) has been added to allow information to be shared with a court, grand jury, or administrative or adjudicative body, when DHS determines that the records are relevant, to the proceeding. Routine use (O) has been added to allow information to be shared with appropriate federal, state, tribal, local, or foreign governmental agencies or multilateral government organizations responsible for investigations or prosecutions when DHS believes the information would assist enforcement of applicable civil or criminal laws. Routine use (P) has been added to allow information to be shared with the news media and the public, with approval of the Chief Privacy Officer in consultation with counsel.
In addition, six routine uses have been modified. Routine use (A) has been modified to include former employees of DHS and to eliminate redundant language. Routine use (C) has been updated to specify that information may be shared specifically with the General Services Administration (GSA) for records management purposes. Modifications have been made to routine uses (D), (E), (G), and (H) to provide greater clarity and make non-substantive grammatical changes.
Consistent with DHS's information sharing mission, information stored in the DHS/ALL—001 Freedom of Information Act and Privacy Act Records System of Records may be shared with other DHS components that have a need to know the information to carry out their national security, law enforcement, immigration, intelligence, or other homeland security functions. In addition, information may be shared with appropriate other federal, state, local, tribal, territorial, foreign, or international government agencies consistent with the routine uses set forth in this systems of records notice. Certain information about FOIA requestors, including the name of the requestor and a description of the requested records is not exempt under the FOIA and is released to outside entities who request such information.
The previously issued Final Rule exempting this system of records from certain provisions of the Privacy Act remains in effect [75 FR 50846 (August 18, 2010)]. This updated system will be included in DHS's inventory of record systems.
II. Privacy Act Back to Top
The Privacy Act embodies fair information principles in a statutory framework governing the means by which federal government agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals when systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors.
Below is the description of the DHS/ALL—001 Freedom of Information Act and Privacy Act Records System of Records.
In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress.
System of Records
Department of Homeland Security (DHS)/ALL—001
DHS/ALL—001 Freedom of Information Act and Privacy Act Records.
Classified and unclassified.
Records are maintained at DHS and component Freedom of Information Act (FOIA) offices in Washington, DC, and at field locations. Electronic records are maintained within electronic request tracking systems. These records reside within DHS and component FOIA office systems and databases. These systems and databases include commercial off-the-shelf applications as well as government developed applications and systems.
Categories of individuals covered by the system:
The system encompasses all individuals who submit FOIA requests, Privacy Act requests, and administrative appeals to DHS; individuals whose requests and/or records have been referred to DHS by other agencies; attorneys or other persons representing individuals submitting such requests and appeals; individuals who are the subjects of such requests and appeals; individuals who file litigation based on their requests; Department of Justice (DOJ) and other government litigators; and/or DHS personnel assigned to handle such requests or appeals.
Categories of records in the system:
- Records received, created, or compiled in processing FOIA and Privacy Act requests or appeals, including:
○ Original requests and administrative appeals and responses to either or both;
○ Intra or interagency memoranda, referrals, correspondence, notes, fee schedules, assessments, cost calculations, and other documentation related to the referral and/or processing of the FOIA and/or Privacy Act request or appeal;
○ Correspondence with the individuals or entities that submitted the requested records and copies of the requested records, including records that might contain confidential business information or personal information;
○ Correspondence related to fee determinations and collection of fees owed under the FOIA; and
○ Copies of requested records and records under administrative appeals.
- Types of information in the records may include:
○ Requesters' and their attorneys' or representatives' information including name, address, email address, telephone numbers, fax numbers, office telephone numbers, and FOIA and Privacy Act case numbers;
○ Name, address, email address, telephone numbers, and fax number of DHS employees and contractors;
○ Name of the person who is the subject of the request or administrative appeal;
○ Fee determinations and amounts of fees owed;
○ Unique case identifier;
○ Alien Registration Number (A-Number) of the requester/appellant or the attorney or other individual representing the requester, or other identifier assigned to the request or appeal;
○ Other identifiers provided by a requester/appellant about him or herself, or about the individual whose records are requested, such as social security number, driver's license number, FBI Number, or A-Number.
- The system also contains copies of documents relevant to appeals and lawsuits brought under the FOIA and Privacy Act including those from DOJ and other government litigators.
Authority for maintenance of the system:
The purpose of this system is to support the processing of record access requests and administrative appeals under the FOIA, as well as access, notification, and amendment requests and administrative appeals under the Privacy Act, whether DHS receives such requests directly from the requester or via referral from another agency. In addition this system is used to support agency participation in litigation arising from such requests and appeals, and to assist DHS in carrying out any other responsibilities under the FOIA or the access or amendment provisions of the Privacy Act.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, which includes the release of the name of individuals making FOIA requests and a description of the records requested as required by FOIA, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ) including United States Attorney Offices, or other federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:
1. DHS or any component thereof;
2. Any employee or former employee of DHS in his/her official capacity;
3. Any employee or former employee of DHS in his/her individual capacity when DOJ or DHS has agreed to represent the employee; or
4. The U.S. or any agency thereof.
B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.
C. To National Archives and Records Administration (NARA) or the General Services Adminstration (GSA) pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency, or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when:
1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;
2. DHS has determined that as a result of the suspected or confirmed compromise, there is a risk of identity theft or fraud, harm to economic or property interests, harm to an individual, or harm to the security or integrity of this system or programs (whether maintained by DHS or another agency or entity) that rely upon the compromised information; and
3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.
G. To an appropriate federal, state, tribal, local, international, or foreign agency, including law enforcement, or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations.
H. To a federal, state, local, or foreign agency or entity for the purpose of consulting with that agency or entity to enable DHS to make a determination as to the propriety of access to or correction of information, or for the purpose of verifying the identity of an individual or the accuracy of information submitted by an individual who has requested access to or amendment of information.
I. To a federal agency or other federal entity that furnished the record or information for the purpose of permitting that agency or entity to make a decision regarding access to or correction of the record or information, or to a federal agency or entity for purposes of providing guidance or advice regarding the handling of particular requests.
J. To the DOJ, to the Department of Treasury (DOT), or to a consumer reporting agency for collection action on any delinquent debt when circumstances warrant.
K. To the Office of Management and Budget (OMB) or the DOJ to obtain advice regarding statutory and other requirements under the FOIA or Privacy Act.
L. To National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures, and compliance with the FOIA, and to facilitate OGIS's offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.
M. To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations, or in response to a subpoena, or in connection with criminal law proceedings.
N. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body, when DHS determines that the records are relevant to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.
O. To appropriate federal, state, tribal, local, or foreign governmental agencies or multilateral government organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, when DHS believes the information would assist enforcement of applicable civil or criminal laws.
P. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of DHS or is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy, or that disclosure would violate any federal statuate or regulation.
Disclosure to consumer reporting agencies:
Privacy Act information may be reported to consumer reporting agencies pursuant to 5 U.S.C. 552a(b)(12).
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Records in this system are stored on paper and/or in electronic form. Records that contain national security information and are classified are stored in accordance with applicable executive orders, statutes, and agency implementing regulations.
Records are retrieved by the name of the requester or appellant; the number assigned to the request or appeal; and in some instances the name of the attorney representing the requester or appellant, the name of an individual who is the subject of such a request or appeal, and/or the name or other identifier of DHS personnel assigned to handle such requests or appeals.
Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is stored. Records and technical equipment are maintained in buildings with restricted access. The required use of password protection identification features and other system protection methods also restrict access. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.
Retention and disposal:
Records are retained and disposed of in accordance with the NARA's General Records Schedule 14, which can be found at: http://www.archives.gov/records-mgmt/grs/grs14.html.
FOIA and Privacy Act records in litigation are retained for ten years after the end of the fiscal year in which judgment was made or when all appeals have been exhausted, whichever is later. This disposition is temporary and is under review and approval was approved by the NARA through pending schedule N1-563-08-33, Item 11.
If the FOIA or Privacy Act record deals with significant policy-making issues, it is a permanent record.
A FOIA or Privacy Act record may qualify as a permanent federal record if the FOIA or Privacy Act record deals with significant policy-making issues. The National Archives, a facility operated by the National Archives and Records Administration (NARA), is responsible for safeguarding Government records. It requires that permanent records go to the National Archives when they are at least 30 years old or when the Agency determines that they are no longer needed for business purposes. Permanent records include all records accessioned by NARA into the National Archives of the United States and later increments of the same records, and those for which the disposition is permanent on SF 115s, Request for Records Disposition Authority, approved by NARA on or after May 14, 1973.
System Manager and address:
For DHS Headquarters records, Deputy Chief FOIA Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528. For components of DHS, the System Manager can be found at http://www.dhs.gov/foia under “contacts.”
If you are seeking notification of and access to any record contained in this system of records, or seeking to contest its content, you may submit a request in writing to the DHS Headquarters' or component's FOIA Officer, whose contact information can be found at http://www.dhs.gov/foia under “contacts.” If you believe more than one component maintains records in this system of records concerning you, you may submit the request to the Chief Privacy Officer and Chief FOIA Officer, Department of Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.
When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 6 CFR Part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should:
- Explain why you believe the Department would have information on you;
- Identify which component(s) of the Department you believe may have the information about you;
- Specify when you believe the records would have been created; and
- Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records.
If your request is seeking records on behalf of another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.
Without the above information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.
Record access procedures:
See “Notification procedure” above.
Contesting record procedures:
See “Notification procedure” above.
Record source categories:
Records are obtained from those individuals who submit requests and administrative appeals pursuant to the FOIA and the Privacy Act or who file litigation regarding such requests and appeals; the agency record keeping systems searched in the process of responding to such requests and appeals; Departmental personnel assigned to handle such requests, appeals, and/or litigation; other agencies or entities that have referred to DHS requests concerning DHS records, or that have consulted with DHS regarding handling of particular requests; and submitters or subjects of records or information that have provided assistance to DHS in making access or amendment determinations.
Exemptions claimed for the system:
Pursuant to 5 U.S.C. 552a(j)(2), potions of this system are exempt from the following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3) and (4): (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8), (e)(12); (f); (g)(1); and (h). Additionally, pursuant to 5 U.S.C. 552a(k)(1), (k)(2), (k)(3), (k)(5), and (k)(6), portions of this system are exempt from the following provisions of the Privacy Act: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). When DHS is processing Privacy Act and/or FOIA requests, responding to appeals, or participating in FOIA or Privacy Act litigation, exempt materials from other systems of records may become part of the records in this system.
To the extent that copies of exempt records from other systems of records are entered into this system, DHS claims the same exemptions for those records that are claimed for the original primary systems of records from which they originated.
Dated: January 10, 2014.
Karen L. Neuman,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2014-02206 Filed 2-3-14; 8:45 am]
BILLING CODE 9110-9B-P