[Federal Register Volume 71, Number 176 (Tuesday, September 12, 2006)]
[Notices]
[Pages 53700-53703]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-15045]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket Number DHS-2006-0025]


Privacy Act; Systems of Records

AGENCY: Office of Security, Department of Homeland Security.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the Department of 
Homeland Security, Office of Security, proposes to add a new system of 
records to the Department's inventory, entitled ``Office of Security 
File System.'' This system will support the administration of a program 
which provides security for the Department by safeguarding and 
protecting the Department's personnel, property, facilities, and 
information.

DATES: The established system of records will be effective October 12, 
2006, unless comments are received that result in a contrary 
determination.

ADDRESSES: You may submit comments identified by docket number DHS-
2006-0025 by one of the following methods:
    Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    Fax: (202) 401-4514 (not a toll-free number).
    Mail: Marc E. Frey, Senior Advisor, Office of Security, 245 Murray 
Lane, SW., Building 410, Washington, DC 20528; Hugo Teufel III, Chief 
Privacy Officer, 601 S. 12th Street, Arlington, VA 22202.

FOR FURTHER INFORMATION CONTACT: Marc E. Frey, Senior Advisor, Office 
of Security, 245 Murray Lane, SW., Building 410, Washington, DC 20528 
by telephone (202) 772-5096 or facsimile (202) 401-4514; Hugo Teufel 
III, Chief Privacy Officer, 601 S. 12th Street, Arlington, VA 22202 by 
telephone (571) 227-3813 or facsimile (571) 227-4171.

SUPPLEMENTARY INFORMATION: The Department of Homeland Security (DHS), 
Office of Security is publishing a Privacy Act system of records notice 
to cover its collection, use and maintenance of records relating to its 
security mission for the Department. Until now, pursuant to the savings 
clause in the Homeland Security Act of 2002, Public Law 107-296, sec. 
1512, 116 Stat. 2310 (Nov. 25, 2002) (6 U.S.C. 552), the Office of 
Security has been relying on legacy Privacy Act systems for this 
purpose.
    DHS established the Office of Security to protect and safeguard the 
Department's personnel, property, facilities, and information. The 
Office of Security develops, coordinates, implements, and oversees the 
Department's security policies, programs, and standards; delivers 
security training and education to DHS personnel; and provides security 
support to DHS components when necessary. In addition, the Office of 
Security coordinates and collaborates with the Intelligence Community 
on security issues and the protection of information. The Office of 
Security works to integrate security into every aspect of the 
Department's operations. The Office of Security is divided into seven 
divisions, as follows:
     Personnel Security: Background investigations, 
adjudications, and security clearances for DHS employees, as well as 
for State and local government personnel and private-sector partners;
     Administrative Security: The protection of classified and 
sensitive but unclassified information;
     Physical Security: Security surveys, vulnerability 
assessments, and access control for DHS facilities;
     Special Security Programs: Sensitive Compartmented 
Information (SCI) and Special Access Programs;
     Internal Security and Investigations: Protection against 
espionage, foreign intelligence service elicitation activities, and 
terrorist collection efforts directed against the Department; 
investigations of crimes against the Department's personnel and 
property;
     Training and Operations Security: Integrated security 
training policy and programs;
     Security Operations: Badging and credentialing programs.
    The Office of Security records will cover not only DHS employees, 
but also contractors, consultants, volunteers, student interns, 
visitors, and others who have access to DHS facilities. The personal 
information to be collected will consist of data elements necessary to 
identify the individual and to

[[Page 53701]]

perform background or other investigations concerning the individual. 
The system has been designed to closely align with the Office of 
Security's business practices.
    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses and disseminates personally identifiable 
information. The Privacy Act applies to information that is maintained 
in a ``system of records.'' A ``system of records'' is a group of any 
records under the control of an agency from which information is 
retrieved by the name of the individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. The 
Office of Security File System is such a system of records.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency record keeping 
practices transparent, to notify individuals regarding the uses to 
which personally identifiable information is put, and to assist 
individuals to more easily find such files within the agency. Below is 
the description of the Office of Security File System.
    In accordance with 5 U.S.C. 552a(r), a report on this system has 
been sent to Congress and to the Office of Management and Budget.
DHS-OS-001

System name:
    Office of Security File System.

Security classification:
    Unclassified and Classified.

System location:
    The records maintained by the Office of Security are located within 
the headquarters facilities of the Department of Homeland Security 
(DHS), Washington, DC 20528.

Categories of individuals covered by the system:
    Individuals involved in, or of interest to, DHS Office of Security 
activities, operations, or programs, including, but not limited to: 
current and former DHS employees; applicants for employment with DHS 
(including student interns); contractors and consultants providing 
services to DHS; Sate and local government personnel and private-sector 
individuals who maintain an access control card permitting access to a 
DHS facility or access to information technology systems that process 
national or homeland security information; DHS employees and 
contractors who may be a subject of a counter-terrorism, 
counterintelligence, or counter-espionage, or law enforcement 
investigation; senders of unsolicited communications that raise a 
security concern to the Department or its personnel; state and local 
government personnel and private-sector individuals who serve on an 
advisory committee and board sponsored by DHS; and state and local 
government personnel and private-sector individuals who are authorized 
by DHS to access sensitive or classified homeland security information, 
classified facilities, communications security equipment, and 
information technology systems that process national or homeland 
security classified information. The system also includes individuals 
accused of security violations or found in violation.

Categories of records in the system:
    Records relating to the management and operation of the DHS 
personnel security and suitability program, including but not limited 
to, completed standard form questionnaires issued by the Office of 
Personnel Management; originals or copies of background investigative 
reports; supporting documentation related to the background 
investigations and adjudications; and other information relating to an 
individual's eligibility for access to classified or sensitive 
information.
    Records relating to management and operation of DHS programs to 
safeguard classified and sensitive but unclassified information, 
including but not limited to, document control registries; courier 
authorization requests; non-disclosure agreements; record(s) of 
security violations; record(s) of document transmittal(s); and requests 
for secure storage and communications equipment.
    Records relating to the management and operation of DHS special 
security programs, including but not limited to, requests for access to 
sensitive compartmented information (SCI); and foreign travel and 
foreign contact registries for individuals with SCI access.
    Records relating to the management and operation of the DHS 
internal security program, including but not limited to, inquiries 
relating to suspected security violation(s); recommended remedial 
actions for possible security violation(s); reports of investigation 
regarding security violations; statements of individuals; affidavits; 
correspondence; and other documentation pertaining to investigative or 
analytical efforts by the DHS Office of Security to identify threats to 
the Department's personnel, property, facilities, and information; 
intelligence reports and database results relating to DHS personnel, 
applicants or candidates for DHS employment or a DHS contract, or other 
individuals interacting or having contact with DHS personnel or 
contractors; foreign contact registries for individuals; or unsolicited 
communications with DHS personnel or contractors that raise a security 
concern.
    Records relating to the management and operation of the Office of 
Security's physical security, operations security, and security 
training and awareness programs, including but not limited to, briefing 
and course registries; facility access registries; access control card 
requests; and credential registries.
    Additionally, specific information from standard forms used to 
conduct background investigations.

Authority for maintenance of the system:
    Homeland Security Act of 2002; National Security Act of 1947; 44 
U.S.C. Chapters 21, 29, 31, 33, and 35; 5 U.S.C. Sections 301, 3301, 
and 7902; 40 U.S.C. 1315; Executive Orders 10450,10865, 12333,12356, 
12958, as amended, 12968, 13142, 13284; the Intelligence Reform and 
Terrorism Prevention Act of 2004, Public Law 108-458, Section 3001 (50 
U.S.C. 435b).

Purpose(s):
    The records in this system are used in the management and 
implementation of Office of Security programs and activities that 
support the protection of the Department's personnel, property, 
facilities, and information. These purposes include, but are not 
limited to, investigation and adjudication of personnel security and 
suitability determinations and access to classified national security 
information and sensitive but unclassified information; verification of 
access to classified national security information; determination of 
access to DHS facilities; certification of storage and processing 
facilities for classified national security information meet required 
standards; audit of contracts involving classified national security 
information; inventory of communications security equipment, materials/
keys for such equipment, and classified publications; analysis, 
identification, and addressing of efforts to infiltrate the Department 
or collect classified or sensitive information; production of access 
control cards and audit of access to DHS facilities; notification of 
DHS personnel in

[[Page 53702]]

emergency situations; maintenance of a central databank for 
investigations of misconduct involving the Department, its personnel, 
or its property. The records may be used to document security 
violations and supervisory actions taken.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To designated officers and employees of Federal, State, local or 
international agencies in connection with the hiring or continued 
employment of an individual, the conduct of a suitability or security 
investigation of an individual, the grant, renewal, suspension, or 
revocation of a security clearance, or the certification of security 
clearances, to the extent that DHS determines the information is 
relevant and necessary to the hiring agency's decision;
    B. To designated officers and employees of Federal, State, local or 
international agencies maintaining civil, criminal or other relevant 
enforcement information or other pertinent information, such as current 
licenses, if necessary for DHS to obtain information relevant to an 
agency decision concerning the hiring or retention of an employee, the 
issuance of a security clearance, the letting of a contract, or the 
issuance of a license, grant, or other benefit;
    C. Except as noted on national security questionnaires, such as 
Forms SF 85, 85-P, and 86, records to an appropriate Federal, State, 
territorial, tribal, local, international, or foreign agency law 
enforcement authority charged with investigating or prosecuting a 
violation or enforcing or implementing a law where a record, either on 
its face or in conjunction with other information, indicates a 
violation or potential violation of law (e.g. criminal, civil or 
regulatory);
    D. To a Federal, State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947, as amended, the CIA Act of 1949, as amended, Executive Order 
12333 or any successor order, applicable national security directives, 
or classified implementing procedures approved by the Attorney General 
and promulgated pursuant to such statutes, orders or directives.
    E. To an organization or individual in either the public or private 
sector where there is a reason to believe that the recipient is or 
could become the target of a particular terrorist activity or 
conspiracy, to the extent the information is relevant to the protection 
of life or property.
    F. To an authorized appeal or grievance examiner, formal complaints 
examiner, equal employment opportunity investigator, arbitrator, or 
other duly authorized official engaged in investigation or settlement 
of a grievance, complaint, or appeal filed by an employee;
    G. To the United States Office of Personnel Management, the Merit 
Systems Protection Board, Federal Labor Relations Authority, or the 
Equal Employment Opportunity Commission when requested in the 
performance of their authorized duties;
    H. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains;
    I. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
records;
    J. To the Department of Justice (DOJ) or in a proceeding before a 
court or adjudicative body before which DHS is authorized to appear, 
when: (a) DHS, or any component thereof; or, (b) any employee of DHS in 
his or her official capacity; or, (c) any employee of DHS in his or her 
individual capacity where the DOJ or DHS has agreed to represent the 
employee; or (d) the United States, where DHS determines that 
litigation is likely to affect the agency or any of its components, is 
a party to litigation or has an interest in such litigation, and the 
use of such records by the DOJ or by DHS before a court or adjudicative 
body is deemed by DHS to be relevant and necessary to the litigation, 
provided, however, that in each case, DHS determines that disclosure of 
the records is a use of the information contained in the records that 
is compatible with the purpose for which the records were collected.
    K. To an agency, organization, or individual for the purposes of 
performing authorized audit or oversight operations.
    L. To any source or potential source from which information is 
requested in the course of an investigation concerning the retention of 
an employee or other personnel action (other than hiring), or the 
retention of a security clearance, contract, grant, license, or other 
benefit, to the extent necessary to identify the individual, inform the 
source of the nature and purpose of the investigation, and to identify 
the type of information requested.

Disclosure to consumer reporting agencies:
    Privacy Act information may be reported to consumer reporting 
agencies pursuant to 5 U.S.C. 552a(b)(12).

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    The records maintained by the Office of Security are located within 
the headquarters of DHS, Washington, DC 20528.
    The records are maintained in paper files and on electronic media.

Retrievability:
    Information in the records may be retrieved by the name of the 
individual, social security number, or other unique individual 
identifier.

Safeguards:
    All records are protected from unauthorized access through 
appropriate administrative, physical, and technical safeguards. These 
safeguards include restricting access to authorized personnel who have 
a ``need-to-know,'' utilization of password protection features, and 
locks on doors and approved storage containers. Buildings have security 
guards and secured doors, and all entrances are monitored by electronic 
surveillance equipment. Classified information is appropriately stored 
in accordance with applicable requirements.

Retention and disposal:
    The files are destroyed in accordance with legal requirements and 
the disposition instructions in the General Records Schedule 18 issued 
by the National Archives and Records Administration (NARA).

System Manager and address:
    DHS Privacy Office, Director of Departmental Disclosure, U.S. 
Department of Homeland Security, 245 Murray Lane, SW., Building 410, 
Washington, DC 20528.

Notification procedure:
    A request for access to records in this system may be made by 
writing to the

[[Page 53703]]

System Manager, the Director of Departmental Disclosure, in conformance 
with 6 CFR part 5, which provides the rules for requesting access to 
records maintained by the Department of Homeland Security.

Record access procedures:
    Same as Notification Procedure above.

Contesting record procedures:
    Same as Notification Procedure above. State clearly and concisely 
the information being contested, the reasons for contesting it, and the 
proposed amendment to the information sought.

Record source categories:
    Information in security files may be obtained from other sources, 
including the following: Current and former DHS employees (including 
student interns); applicants for employment with DHS; contractors and 
consultants providing services to DHS; DHS personnel that maintain an 
access control card permitting access to a DHS facility; DHS personnel 
who may be a subject of a criminal, counter-terrorism, counter-
espionage, or other criminal investigation; senders of unsolicited 
communications to the Department or its personnel; foreign nations who 
have contact with DHS, its personnel or its offices; State and local 
government personnel and private-sector individuals who serve on an 
advisory committee and board sponsored by DHS; State and local 
government personnel and private-sector individuals who are authorized 
by DHS to access sensitive or classified homeland security information, 
classified facilities, communications security equipment, and 
information technology systems which process national or homeland 
security classified information; State and local government personnel 
and private-sector individuals who require a DHS access control device 
that permits access to information technology systems which process 
national or homeland security classified information; law enforcement 
agencies; other government agencies; previous employers, colleagues, 
neighbors, references, informants or other sources; and representatives 
from educational institutions.

Exemptions claimed for the system:
    In accordance with 5 U.S.C. 552a (k)(1), (k)(2), and (k)(5), the 
personnel security case files in this system of records are exempt from 
subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f) of 
the Privacy Act of 1974, as amended.

    Dated: September 1, 2006.
Hugo Teufel III,
Chief Privacy Officer.
 [FR Doc. E6-15045 Filed 9-11-06; 8:45 am]
BILLING CODE 4410-10-P