[Federal Register Volume 71, Number 12 (Thursday, January 19, 2006)]
[Pages 3109-3112]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-511]



Office of the Secretary


Privacy Act of 1974; Systems of Records

AGENCY: Privacy Office; Department of Homeland Security.

ACTION: Notice of Privacy Act system of records.


SUMMARY: The Bureau of Customs and Border Protection proposes to revise 
its system of records for collecting carrier, broker and importer/
exporter account information to both update the system and to add as a 
category of records the customs declarations that postal mailers are 
required to complete for international mail transactions.

DATES: The new system of records will be effective February 21, 2006 
unless comments are received that result in a contrary determination.

ADDRESSES: You may submit comments, identified by DHS-2005-0054, by one 
of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments via docket number DHS-
     Fax: 202-572-8727.
     Mail: Comments by mail are to be addressed to the 
Regulations Branch, Office of Regulations and Rulings, Bureau of 
Customs and Border Protection, 1300 Pennsylvania Avenue, NW. (Mint 
Annex), Washington, DC 20229. Comments by mail may also be submitted to 
Maureen Cooney, Acting Chief Privacy Officer, Department of Homeland 
Security, 601 S. 12th Street, Arlington, VA 22202-4220.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to http://www.regulations.gov, including any 
personal information provided. For detailed instructions on submitting 
comments and additional information on the rulemaking process, see the 
``Public Participation'' heading of the SUPPLEMENTARY INFORMATION 
section of this document.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov. Submitted comments 
may also be inspected during regular business days between the hours of 
9 a.m. and 4:30 p.m. at the Regulations Branch, Office of Regulations 
and Rulings, Bureau of 
Customs and Border Protection, 799 9th Street, NW., 5th Floor, 
Washington, DC. Arrangements to inspect submitted comments should be 
made in advance by calling Mr. Joseph Clark at (202) 572-8768.

FOR FURTHER INFORMATION CONTACT: Laurence E. Castelli (202-572-8712), 
Chief, Privacy Act Policy and Procedures Branch, Bureau of Customs and 
Border Protection, Office of Regulations & Rulings, Mint Annex, 1300 
Pennsylvania Ave., NW., Washington, DC 20229.

SUPPLEMENTARY INFORMATION: The Bureau of Customs and Border Protection 
(CBP) is engaged in a multi-year modernization effort to update its 
information systems. As part of this modernization effort, CBP has 
developed the Automated Commercial Environment (ACE) to streamline 
business processes, to facilitate growth in trade, to ensure cargo 
security, to provide means to combat terrorism through monitoring what 
materials and which persons enter and leave the country, and to foster 
participation in global commerce, while ensuring compliance with U.S. 
laws and regulations. ACE replaces CBP's current Automated Commercial 
System, a twenty-plus-year-old trade information database.
    The operation of ACE will require that CBP collect personally 
identifiable information from importers, brokers, truck carriers, and 
U.S. Postal Service customs declarations. The system will also include 
personally identifiable information about CBP employees and employees 
of other agencies. The information that is collected will be used to 
operate the automated commercial environment in order to assist in 
protecting the country's borders by monitoring and regulating incoming 
cargo and people.
    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses and disseminates personally identifiable 
information. The Privacy Act applies to information that is maintained 
in a ``system of records.'' A ``system of records'' is a group of any 
records under the control of an agency from which information is 
retrieved by the name of the individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. In 
the Privacy Act, individual is defined to encompass United States 
citizens and legal permanent residents. ACE involves the collection of 
information that will be maintained in a system of records.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency recordkeeping 
practices transparent, to notify individuals regarding the uses to 
which personally identifiable information is put, and to assist the 
individual to more easily find such files within the agency.
    DHS is here publishing a description of the Automated Commercial 
Environment system of records. In accordance with 5 U.S.C. 552a(r), a 
report concerning this record system has been sent to the Office of 
Management and Budget and to the Congress.
    Interested persons are invited to participate in this rulemaking by 
submitting written data, views, or arguments on all aspects of the 
proposed rule. CBP also invites comments that relate to the economic, 
environmental, or federalism effects that might result from this 
proposed rule. Comments that will provide the most assistance to CBP in 
developing these procedures will reference a specific portion of the 
proposed rule, explain the reason for any recommended change, and 
include data, information, or authority that support such recommended 

System Name:
    Automated Commercial Environment/International Trade Data System 

System Location:
    This computer database is located at the Bureau of Customs and 
Border Protection (CBP) National Data Center in Washington, DC. 
Computer terminals are located at Customhouses and ports throughout the 
United States and at CBP Headquarters, Washington, DC, as well as 
appropriate facilities for other participating government agencies.

Categories of Individuals Covered by the System:
    Individuals involved in the importation of merchandise, members of 
the trade community, including but not limited to truck carriers, 
vessel, vehicle, and aircraft operators or crew, Customhouse brokers, 
importers and their authorized agents (i.e., trade users), persons 
required to file Customs Declarations for international mail 
transactions (including sender and recipient), DHS/CBP employees, and 
employees of other Federal Government agencies.

Categories of Records in the System:
    The database is comprised of carrier, broker, and importer/exporter 
account information (this includes personally identifying information 
(name and address, phone and/or fax), as well as the Significant 
Activity Log (a message log between the ACE Portal Account Owner and 
CBP that tracks their communications sent through ACE) and the Action 
Plans referenced in the Significant Activity Log), entry information, 
and manifest information. The database also includes information 
obtained from Customs declarations filed with the United States Postal 
Service in connection with the import or export of goods through the 
mail. System files may contain information about DHS/CBP employees, 
other Federal employees, companies, and individuals involved in 
commercial land, sea, and/or air border transactions.
    The following information may be stored in the database for the 
establishment of an ACE Secure Data Portal truck carrier account: 
Carrier name, Carrier address, Carrier identification (i.e., the truck 
carrier identification SCAC code (the unique Standard Carrier Alpha 
Code) assigned for each carrier by the National Motor Freight Traffic 
Association), Department of Transportation number, Taxpayer ID number, 
DUNS (Dun and Bradstreet Number), Organizational structure, Name of 
Insurer, Policy number, Date of Issuance and Amount. The carrier can 
create users and points of contact, and may also choose to store 
details associated with driver/crew, conveyance, and equipment for 
purposes of expediting the creation of manifests.
    The ACE database is also comprised of manifest information that 
includes specific details regarding the crew or drivers as well as 
passengers involved in a commercial land border crossing. For crew or 
drivers, the system will include:
    (1) Person on arriving conveyance who is in charge; (2) Names of 
all crew members; (3) Date of birth of each crew member; (4) Commercial 
driver's license (CDL)/driver's license number for each crew member; (5) 
CDL/driver's license State/province of issuance for each crew member; 
(6) CDL country of issuance for each crew member; (7) Travel document 
number for each crew member; (8) Travel document country of issuance 
for each crew member; (9) Travel document State/province of issuance 
for each crew member; (10) Travel document type for each crew member; 
(11) Address for each crew member; (12) Gender of each crew member; 
(13) Nationality/citizenship of each crew member; (14) 
Hazmat endorsement for each crew member.
    For passengers, the information consists of: (1) Names of all 
passengers; (2) Date of birth of each passenger; (3) Travel document 
number for each passenger; (4) Travel document country of issuance for 
each passenger; (5) Travel document State/province of issuance for each 
passenger; (6) Travel document type for each passenger; (7) Gender of 
each passenger; (8) Nationality of each passenger.
    Further, the ACE database includes specific details regarding 
trips, equipment, conveyances, and shipments, but this information does 
not primarily identify individuals, except those who might be shippers 
or consignees.

Authority for Maintenance of the System:
    19 U.S.C. 66, 1448, 1481, 1483, 1484, 1505, 1624, and 2071.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    (1) To the Bureau of the Census by providing magnetic tapes or 
other form of electronic data transmission containing foreign trade 
    (2) To appropriate Federal, State, local, foreign, or tribal 
agencies responsible for investigating or prosecuting the violations 
of, or for enforcing or implementing, a statute, rule, regulation, 
order, or license, where CBP becomes aware of an indication of a 
violation or potential violation of civil or criminal law or 
    (3) To a Federal, State, local, tribal, territorial, foreign, or 
international agency, maintaining civil, criminal or other relevant 
enforcement information or other pertinent information, which has 
requested information relevant to or necessary to the requesting 
agency's or the bureau's hiring or retention of an individual, or 
issuance of a security clearance, license, contract, grant, or other 
    (4) To a court, magistrate, or administrative tribunal in the 
course of presenting evidence, including disclosures to opposing 
counsel or witnesses in the course of civil discovery, litigation, or 
settlement negotiations, in response to a subpoena, or in connection 
with criminal law proceedings;
    (5) To third parties during the course of an investigation to the 
extent necessary to obtain information pertinent to the investigation;
    (6) To an agency, organization, or individual for the purposes of 
performing authorized audit or oversight operations;
    (7) To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains;
    (8) To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
    (9) To the Department of Justice, the United States Attorney's 
Office, or a consumer reporting agency for further collection action on 
any delinquent debt when circumstances warrant;
    (10) To a former employee of the Department for purposes of: 
responding to an official inquiry by a Federal, State, or local 
government entity or professional licensing authority, in accordance 
with applicable Department regulations; or facilitating communications 
with a former employee that may be necessary for personnel-related or 
other official purposes where the Department requires information and/
or consultation assistance from the former employee regarding a matter 
within that person's former area of responsibility;
    (11) To an organization or individual in either the public or 
private sector, either foreign or domestic, where there is a reason to 
believe that the recipient is or could become the target of a 
particular terrorist activity or conspiracy, to the extent the 
information is relevant to the protection of life or property;
    (12) To the Department of Justice or other Federal agency 
conducting litigation or in proceedings before any court, adjudicative 
or administrative body, when: (a) DHS, or (b) any employee of DHS in 
his/her official capacity, or (c) any employee of DHS in his/her 
individual capacity where DOJ or DHS has agreed to represent the 
employee, or (d) the United States or any agency thereof, is a party to 
the litigation or has an interest in such litigation;
    (13) To the National Archives and Records Administration or other 
federal government agencies pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. Sections 2904 and 
    (14) To a Federal, State, local, tribal, territorial, foreign, or 
international agency, if necessary to obtain information relevant to a 
Department of Homeland Security decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
reporting of an investigation of an employee, the letting of a 
contract, or the issuance of a license, grant or other benefit;
    (15) To a Federal agency, pursuant to the International Trade Data 
System Memorandum of Understanding, consistent with the receiving 
agency's legal authority to collect information pertaining to and/or 
regulate transactions in international trade.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
Disposing of Records in the System:
    The data is stored electronically at the CBP Data Center for 
current data and offsite at an alternative data storage facility for 
historical logs and system backups.

    The data is retrievable by name or personal identifier from an 
electronic database. Only individuals with a need to know can access 
the data. The system manager, in addition, has the capability to 
maintain system back-ups for the purpose of supporting continuity of 
operations and the discrete need to isolate and copy specific data 
access transactions for the purpose of conducting security incident 

    Access to the computer area is controlled by a security pass 
arrangement and personnel not connected with the operation of the 
computer are prohibited from entering. The building security is 
protected by a uniformed guard. Access at the ports is in the booths 
and from any PC connected to the LAN. At the ports of processing, 
terminal rooms are under close supervision during working hours and 
locked after close of business. The system security officer issues a 
unique private five digit identification code to each authorized user. 
Access to the computer from other than system terminals is controlled 
through a security software package. Users must input a unique 
identification code and password during the terminal log-in procedure 
to gain access to the system. The password is not printed or displayed 
at the port of processing. The system validates the user ID by 
transaction type, thereby limiting a 
system user's access to information on a ``need-to-know'' basis. A 
listing of identification codes of authorized users can be printed only 
by request of the security officer. The passwords are changed 
periodically to enhance security.

Retention and Disposal:
    Files are retained on-line in a system database. Personal 
information collected in ACE as part of the regulation of incoming 
cargo and people will be retained in accordance with the U.S. Customs 
Records Schedules approved by the National Archives and Records 
Administration for the forms on which the data is submitted. This means 
that cargo, crew, driver, and passenger information collected from a 
manifest presented in connection with the arrival of a vessel, vehicle 
or aircraft will be retained for six years. Information collected in 
connection with the submission of a Postal Declaration for a mail 
importation will be retained for a maximum of six years and three 
months (as set forth pursuant to NARA Authority N1-36-86-1, U.S. 
Customs Records Schedule, Schedule 9 Entry Processing, Items 4 and 5). 
Personal information collected in connection with the creation of a 
carrier, broker, or importer/exporter account will be retained for up 
to three years following the closing of the account either through 
withdrawal by the individual or denial of access by CBP. Lastly, 
information pertaining to CBP and PGA employees will be retained for as 
long as the individual maintains her or his portal access to ACE and 
authorization to access the information.

System Manager(s) and Address:
    Director, Office of Automated Systems, U.S. Customs and Border 
Protection Headquarters, 1300 Pennsylvania Avenue, NW., Washington, DC 

Notification Procedures:
    To determine whether this system contains records relating to you, 
write to Customer Satisfaction Unit, Office of Field Operations, U.S. 
Customs and Border Protection, Room 5.5-C, 1300 Pennsylvania Avenue, 
NW., Washington, DC 20229 (phone: (202) 344-1850 and fax: (202) 344-

Record Access Procedures:
    Requests for notification or access must be in writing and should 
be addressed to the Customer Satisfaction Unit, Office of Field 
Operations, U.S. Customs and Border Protection, Room 5.5-C, 1300 
Pennsylvania Avenue, NW., Washington, DC 20229. Requests should conform 
to the requirements of 6 CFR part 5, subpart B, which provides the 
rules for requesting access to Privacy Act records maintained by DHS. 
The envelope and letter should be clearly marked ``Privacy Act Access 
Request.'' The request should include a general description of the 
records sought and must include the requester's full name, current 
address, and date and place of birth. The request must be signed and 
either notarized or submitted under penalty of perjury.
    Additionally, operational record access may be obtained through the 
ACE Secure Data Portal for those individuals and entities who have been 
approved access in accordance with the procedures published in the 
Federal Register at 67 FR 21800 dated May 1, 2002.

Contesting Record Procedures:
    Same as ``Record Access Procedures.''

Record Source Categories:
    The system contains data received on authorized CBP forms or 
electronic formats from individuals and/or companies incidental to the 
conduct of foreign trade and required by CBP in administering the 
tariff laws and regulations of the United States. The system also 
contains information pertaining to International Mail Transactions, 
which is obtained from the United States Postal Service by electronic 
data transmission.

Exemptions Claimed for the System:

    Dated: December 22, 2005.
Maureen Cooney,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E6-511 Filed 1-18-06; 8:45 am]