[Federal Register Volume 70, Number 240 (Thursday, December 15, 2005)]
[Rules and Regulations]
[Page 74200]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-24055]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CRIME PREVENTION AND PRIVACY COMPACT COUNCIL

28 CFR Part 906

[NCPPC 113]


Outsourcing of Noncriminal Justice Administrative Functions

AGENCY: National Crime Prevention and Privacy Compact Council.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Compact Council, established pursuant to the National 
Crime Prevention and Privacy Compact Act of 1998 (Compact), is 
adopting, as a final rule, without change, an interim final rule which 
permits the outsourcing of noncriminal justice administrative functions 
involving access to criminal history record information (CHRI). 
Procedures established to permit outsourcing are required to conform 
with the Compact Council's interpretation of Articles IV and V of the 
Compact.

DATES: This rule is effective December 15, 2005.

FOR FURTHER INFORMATION CONTACT: Ms. Donna M. Uzzell, Compact Council 
Chairman, Florida Department of Law Enforcement, 2331 Phillips Road, 
Tallahassee, Florida 32308-5333, telephone number (850) 410-7100.

SUPPLEMENTARY INFORMATION:

I. Background

    The Compact, 42 U.S.C. 14616, establishes uniform standards and 
processes for the interstate and Federal-State exchange of criminal 
history records for noncriminal justice purposes. The Compact was 
approved by the Congress on October 9, 1998, (Pub. L. 105-251) and 
became effective on April 28, 1999, when ratified by the second state. 
Article VI of the Compact provides for a Compact Council that has the 
authority to promulgate rules and procedures governing the use of the 
Interstate Identification Index (III) System for noncriminal justice 
purposes. On December 16, 2004, the Compact Council published in the 
Federal Register, 69 FR 75243, an interim final rule with request for 
comments. This rule permits a third party to perform noncriminal 
justice administrative functions relating to the processing of CHRI 
maintained in the III System, subject to appropriate controls, when 
acting as an agent for a governmental agency or other authorized 
recipient of CHRI. Published in a notice elsewhere in today's edition 
of the Federal Register is the Security and Management Control 
Outsourcing Standard which establishes the appropriate controls.

II. Discussion of Comments on the Interim Final Rule

    The 60-day comment period for the interim final rule closed on 
February 14, 2005. Two comments were received from a state agency.
    The first comment concerned section 906.2(b). The state agency 
questioned the clarity of what specifically was contemplated in the 
exceptions to the provision that contractors, agencies, or 
organizations shall not be permitted to have terminal access to the III 
System and suggested further explanation or examples of what situations 
would permit contractors to have direct terminal access to the III 
System. The Compact, at Article V (c), provides ``Direct access to the 
National Identification Index by entities other than the FBI and State 
criminal history record repositories shall not be permitted for 
noncriminal justice purposes'' and 42 U.S.C. 14614(b) provides that 
``Nothing in the Compact shall interfere in any manner with--(1) 
access, direct or otherwise, to records pursuant to--(the various laws 
specified in that section) or (2) any direct access to Federal criminal 
history records authorized by law.'' Therefore, authorized agencies 
(i.e., FBI, state repositories, and certain agencies performing the 
background checks authorized under 42 U.S.C. 14614(b)) require direct 
access to III in order to perform their authorized functions. Although 
these agencies may choose not to outsource these functions, the 
exception language in the rule was intended to not prohibit that 
option.
    The second comment questioned whether the Outsourcing Rule has any 
affect on a specific provision of the Security Clearance Information 
Act (SCIA) (5 U.S.C. 9101) which authorizes a State criminal history 
record repository to require that fingerprints accompany a SCIA record 
check request if certain requirements are met. Pursuant to the SCIA, 
the six covered federal agencies may have direct terminal access to the 
III to conduct record checks of individuals being considered for 
assignment or retention in a position with access to classified 
information, a critical or sensitive position, a position of public 
trust, etc. The SCIA also provides that ``Such a request to a State 
criminal history record repository shall be accompanied by the 
fingerprints of the individual who is the subject of the request if 
required by State law and if the repository uses the fingerprints in an 
automated fingerprint identification system.'' Accordingly, the 
Outsourcing Rule has no impact on this SCIA provision nor does the rule 
affect the state law requiring fingerprints for use in conducting a 
state automated fingerprint identification system record check for such 
purposes.
    The Compact Council did not believe that any changes to the rule 
were necessary based on the comments; therefore, the interim final rule 
is being adopted as final without change.

List of Subjects in 28 CFR Part 906

    Administrative practice and procedure, Intergovernmental relations, 
Law Enforcement, Privacy.

PART 906--OUTSOURCING OF NONCRIMINAL JUSTICE ADMINISTRATIVE 
FUNCTIONS

    Accordingly, the interim final rule adding part 906 which was 
published at 69 FR 75243 on December 16, 2004, is adopted as a final 
rule without change.

    Dated: November 23, 2005.
Donna M. Uzzell,
Compact Council Chairman.
[FR Doc. 05-24055 Filed 12-14-05; 8:45 am]
BILLING CODE 4410-02-P