Skip to Content


Privacy Act of 1974; System of Records

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


Office of the Chief Human Capital Officer; Department of Homeland Security.


Notice of Privacy Act System of Records.


Pursuant to the Privacy Act of 1974, the Department of Homeland Security proposes to add a new system of records to the Department's inventory, entitled “the MaxHR e-Performance Management System.” This system is an employee performance management e-tool that will standardize and automate related human resources functions that will support a portion of the Department's MaxHR program. This program will support the Department's ability to continue to attract, retain, and reward a robust and highly qualified workforce by transforming DHS human resources policies, processes, systems, streamlining business processes, and consolidating several disparate systems currently in operation. Implementation of the the MaxHR e-Performance Management System will provide greater flexibility and accountability in the way employees are paid, developed, and evaluated. Employees, through a password protected portal, can access the system to initiate each step in the performance cycle, including Start Printed Page 63330performance planning, quarterly reviews, and performance appraisals. Supervisors will utilize various features of the system to review employees' performance, determine completion of goals, and complete performance appraisals. Each step in the performance management cycle, as reflected in the automated system, will serve as a catalyst for increased communication between supervisor and employees to enhance performance and ensure that work is accomplished in an efficient and effective manner.


The new system of records will be effective November 29, 2006, unless comments are received that result in a contrary determination.


You may submit comments, identified by docket number DHS-2006-0041, by one of the following methods:

  • Federal e-Rulemaking Portal: Follow the instructions for submitting comments.
  • FAX: 202-357-8474 (Not a toll-free number).
  • Mail: John S. Allen, U.S. Department of Homeland Security, Director of Human Capital Business Systems, Office of the Chief Human Capital Officer, 245 Murray Lane, SW., Building 410, Washington, DC 20528; or E-mail:
Start Further Info


John S. Allen, U.S. Department of Homeland Security, Office of the Chief Human Capital Officer, Human Capital Business Systems, 245 Murray Lane, SW., Building 410, Washington, DC 20528; or Shila Ressler, U.S. Department of Homeland Security, Executive Secretariat-Management, Washington, DC 20393. For privacy issues please contact: Hugo Teufel III (571-227-3813), Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

End Further Info End Preamble Start Supplemental Information


The Department of Homeland Security (DHS), Office of the Chief Human Capital Officer (OCHCO), is publishing a Privacy Act System of Records Notice to cover its collection, use, and maintenance of records relating to its performance management responsibilities for the Department. Until now, pursuant to the savings clause in the Homeland Security Act of 2002, Public Law 107-296, sec. 1512, 116 Stat. 2310 (Nov. 25, 2002) (6 U.S.C. 552), the Department has been relying on legacy Privacy Act systems for this purpose, including Office of Personnel Management's (OPM) Government 2—Employee Performance File System of Records.

The MaxHR Program was established by DHS to implement the human capital provisions of the Homeland Security Act of 2002. The MaxHR program is a collection of functions and systems centered on a core enterprise entitled the Human Resource Management System. A primary component of this overall system is an electronic performance management program based on pay-for-performance principles. Each employee's goals are cascaded down from the organization's goals. By using this approach, each employee's individual work plan is linked to the organization's goals.

DHS developed the MaxHR ePerformance Management System (“the ePerformance System”) to facilitate the implementation and management of this new automated pay-for-performance program. The ePerformance System is designed to support the ongoing review and evaluation of employees by their supervisors. This system collects personally identifiable data from DHS employees, including their full name, Social Security number, pay plan, grade, step, series, supervisory code, organizational code, employee status, probationary dates, and duty locations. The ePerformance tool will be used to set and communicate performance expectations; monitor performance and provide feedback; develop performance goals; complete the appraisal process; address poor performance and reward good performance; and produce performance-related reports. The new system will replace current performance management systems that are largely paper-based and that do not adequately support the new MaxHR program requirements for pay-for-performance.

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the U.S. Government collects, maintains, uses and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number such as property address, mailing address, symbol, or other identifying particular assigned to the individual. The MaxHR Performance Management System is such a system of records.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist individuals to more easily find such files within the agency. Below is the description of the MaxHR e-Performance Management System.

In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this new system of records to the Office of Management and Budget and to Congress.


System Name:

MAXHR ePerformance Management System.

Security Classification:

Unclassified but sensitive.

System Location:

The system is located at ServerVault, 1506 Moran Road, Dulles, VA 20166.

Categories of Individuals Covered by the System:

Department of Homeland Security managers, supervisors, and non-bargaining unit employees.

Categories of Records in the System:

The following records are maintained in the ePerformance system: personnel position information, such as position title, name, Social Security number, occupational series, grade, organization, component and duty location; information related to employee performance, including performance goals and competencies, performance appraisals, individual development plans, and notes regarding employee performance.

Authority for Maintenance of the System:

Homeland Security Act of 2002 at Section 841; 5 U.S.C. 9701(a); 5 CFR 9701; DHS Management Directive 3181.


The MaxHR ePerformance Management System will help DHS meet its critical mission needs by transforming disparate paper-based and automated performance management systems into one cohesive, unified enterprise-wide electronic system. The ePerformance System will be used to set and communicate performance expectations; monitor performance and provide feedback; develop performance goals; complete the appraisal process; address poor performance and reward good performance; and produce performance-related reports. By leveraging technology to transform a wide variety of processes and systems, the end result will be greater flexibility and accountability in the way Start Printed Page 63331employees are paid, developed, and evaluated.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use as follows:

A. To the National Finance Center, United States Department of Agriculture, to update employee personnel records and meet government record keeping and reporting requirements.

B. When a record, either on its face on in conjunction with other information, indicates a violation or potential violation of law, whether criminal, civil or administrative, the relevant records may be referred to an appropriate Federal, State, territorial, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting such a violation or enforcing or implementing such law.

C. To a Federal, state, tribal, local or foreign government agency or professional licensing authority in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance or status of a license, grant, or other benefit by the requesting entity, to the extent that the information is relevant and necessary to the requesting entity's decision on the matter.

D. To the news media and the public where there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of the Department or is necessary to demonstrate the accountability of the Department's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

E. To the National Archives and Records Administration or other federal government agencies in records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

F. To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an agency function related to this system of records.

G. To the Department of Justice (DOJ) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) DHS, or (b) any employee of DHS in his/her official capacity, or (c) any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that disclosure is relevant and necessary to the litigation.

H. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

I. To an agency, organization, or individual for the purposes of performing audit or oversight operations as authorized by law.

J. To the Equal Employment Opportunity Commission, Merit Systems Protection Board, Office of the Special Counsel, Federal Labor Relations Authority, or Office of Personnel Management or to arbitrators and other parties responsible for processing any personnel actions or conducting administrative hearings or appeals, or if needed in the performance of authorized duties.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:


Data is stored in a commercial database management system, (Microsoft SQL Server) located at ServerVault, 1506 Moran Road, Dulles, VA 20166. The magnetic storage devices used to store the database are located in a locked vault, accessed only by authorized personnel. The storage media is further protected from loss or damage due to media failure using redundant storage technology that simultaneously updates a backup copy of the database.


Data may be retrieved by the individual's name, Social Security number, or other assigned personal identifier.


Information in this system is safeguarded in accordance with applicable laws, rules, and policies, including the DHS Information Technology Security Program Handbook. All records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have a “need-to-know,” using locks and password protection identification features. DHS file areas are locked after normal duty hours and the facilities are protected from the outside by security personnel.

Further system and data safeguards are outlined in detail in the System Security Plan developed by DHS and Softscape (Automated Service Provider makers of commercial off the shelf software) and ServerVault (the hosting center). Additionally, DHS's Privacy Office is reissuing the ePerformance Privacy Impact Assessment (PIA) with the issuance of this notice. The PIA can be accessed at​privacy.

Retention and Disposal:

The General Records Schedule specifies that performance records for non-Senior Executive Service employees should be destroyed when four (4) years old or no longer needed; for Senior Executive Service employees, when five (5) years old or no longer needed. OCHCO will follow this and the NARA guidance on Employee Performance File System Records.

System Manager(s) and Address:

John S. Allen, U.S. Department of Homeland Security, Chief Human Capital Officer, Human Capital Business Systems, 1201 New York Avenue, NW., Suite 1200, Washington, DC, 20005; or Shila Ressler, U.S. Department of Homeland Security, Executive Secretariat—Management, Washington, DC 20393.

Notification and Procedure:

To determine whether this system contains records relating to you, write to the System Manager identified above.

Record Access Procedure:

A request for access to records in this system may be made by writing to the System Manager, identified above, or to the Director for Departmental Disclosure and FOIA in conformance with 6 CFR part 5, subpart B, which provides the rules for requesting access to Privacy Act records maintained by DHS.

Contesting Record Procedures:

See “Notification Procedure” above. Start Printed Page 63332

Record Source Categories:

Records are obtained from employees, supervisors, and the National Finance Center.

Exemption Claimed for the System:


Start Signature

Dated: October 17, 2006.

Hugo Teufel III,

Chief Privacy Officer.

End Signature End Supplemental Information

[FR Doc. E6-17949 Filed 10-27-06; 8:45 am]