[Federal Register Volume 72, Number 107 (Tuesday, June 5, 2007)]
[Notices]
[Pages 31080-31082]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 07-2781]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2007-0027]


Privacy Act; IDENT System of Records

AGENCY: Privacy Office, Office of the Secretary, Department of Homeland 
Security.

ACTION: Notice of updated Privacy Act system of records notice.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is republishing the 
Privacy Act system of records notice for the Automated Biometric 
Identification System in order (1) to add a category of records that 
comprises unique personal identifiers that links individuals with their 
encounters, biometrics, records, and other data elements and (2) to add 
a new routine use consistent with Office of Management and Budget 
Memorandum M-07-16, Attachment 2 that permits DHS to be in the best 
position to respond in a timely and effective manner in the event of a 
data breach. This republished system of records notice will replace the 
previously published system of records notice for the Automated 
Biometric Identification System, Federal Register on July 27, 2006 (71 
FR 42651).

DATES: Written comments must be submitted on or before July 5, 2007.

ADDRESSES: You may submit comments, identified by DOCKET NUMBER DHS-
2007-0027 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 1-866-466-5370.
     Mail: Hugo Teufel III, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.

FOR FURTHER INFORMATION CONTACT: Claire Miller, US-VISIT Acting Privacy 
Officer, Department of Homeland Security, Washington, DC 20528. For 
privacy issues please contact: Hugo Teufel III, Chief Privacy Officer, 
Privacy Office, U.S. Department of Homeland Security, Washington, DC 
20528.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
5 U.S.C. 552a, the Department of Homeland Security (DHS) is publishing 
a revision to an existing Privacy Act system of records known as 
Automated Biometric Identification System (IDENT). The notice for these 
systems of records was last published in the Federal Register on July 
27, 2006 (71 FR 42651).
    DHS is republishing IDENT in order (1) to add a category of records 
that comprises unique personal identifiers that links individuals with 
their encounters, biometrics, records, and other data elements and (2) 
to add a new routine use consistent with Office of Management and 
Budget Memorandum M-07-16, Attachment 2 that permits DHS to be in the 
best position to respond in a timely and effective

[[Page 31081]]

manner in the event of a data breach. This republished system of 
records notice will replace the previously published system of records 
notice for the Automated Biometric Identification System, Federal 
Register on July 27, 2006 (71 FR 42651).
    IDENT is the primary repository of biometric information held by 
DHS in connection with its several and varied missions and functions, 
including, but not limited to: The enforcement of civil and criminal 
laws (including the immigration and customs laws), including 
investigations, inquiries, and proceedings thereunder; and national 
security and intelligence activities. IDENT is a centralized and 
dynamic DHS-wide biometric database that also contains limited 
biographic and encounter history information needed to place the 
biometric information in proper context. The information is collected 
by, on behalf of, in support of, or in cooperation with DHS and its 
components and may contain personally identifiable information 
collected by other federal, state, local, tribal, foreign, and 
international agencies. As part of an effort to more accurately 
identify individuals and ensure that all encounters are appropriately 
linked, IDENT will generate, store, and retrieve data by unique numbers 
or sequence of numbers and characters. This SORN update adds a category 
of records to IDENT to include these unique numbers or sequence of 
numbers and characters, also known as enumerators that link individuals 
with their encounters, biometrics, records, and other data elements. 
Additionally, this SORN adds a new routine consistent with Office of 
Management and Budget Memorandum M-07-16, Attachment 2 that permits DHS 
to be in the best position to respond in a timely and effective manner 
in the event of a data breach.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system change to the Office of Management and Budget and to 
Congress.
DHS/US-VISIT-001

System name:
    DHS Automated Biometric Identification System (IDENT).

System location:
    US-VISIT, Department of Homeland Security (DHS), Washington, DC 
20528.

Categories of individuals covered by the system:
    Categories of individuals covered by this notice consist of:
    A. Individuals whose biometrics are collected by, on behalf of, in 
support of, or in cooperation with DHS concerning operations that 
implement and/or enforce laws, regulations, treaties, or orders related 
to the mission of DHS.
    B. Individuals whose biometrics are collected by, on behalf of, in 
support of, or in cooperation with DHS as part of a background check or 
security screening in connection with their hiring, retention, 
performance of a job function, or the issuance of a license or 
credential.
    C. Individuals whose biometrics are collected by federal, state, 
local, tribal, foreign, or international agencies for national 
security, law enforcement, immigration, intelligence, or other DHS 
mission-related functions, and who are the subjects of wants, warrants, 
or lookouts or any other subject of interest.

Categories of records in the system:
    IDENT contains biometric, biographic, unique machine-generated 
identifiers, and encounter-related data for operation/production, 
testing, and training environments. Biometric data includes, but is not 
limited to, fingerprints and photographs. Biographical data includes, 
but is not limited to, name, date of birth, nationality, and other 
personal descriptive data. The encounter data provides the context of 
the interaction with an individual including, but not limited to, 
location, document numbers, and reason fingerprinted. Unique machine-
generated identifiers are identifiers that link individuals with their 
encounters, biometrics, records, and other data elements. Test data may 
be real or simulated biometric, biographic, encounter, or identifiers 
related data.

Authority for maintenance of the system:
    6 U.S.C. 202, 8 U.S.C. 1103, 1158, 1201, 1225, 1324, 1357, 1360, 
1365a, 1365b, 1379, and 1732; 19 U.S.C. 1589a.

Purpose(s):
    This system of records is established and maintained to provide a 
DHS-wide repository of biometrics captures in DHS or law enforcement 
encounters. This will enable DHS to carry out its DHS national 
security, law enforcement, immigration, intelligence, and other 
mission-related functions, and to provide associated testing, training, 
management reporting, planning and analysis, and other administrative 
uses, by allowing DHS to positively identify an individual whether the 
name information is the same or different based on biometrics.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3), as follows:
    A. To appropriate federal, state, local, tribal, foreign, or 
international agencies seeking information on the subjects of wants, 
warrants, or lookouts, or any other subject of interest, for purpose 
related to administering or enforcing the law, national security, 
immigration, or intelligence, where consistent with a DHS mission-
related function as determined by DHS.
    B. To appropriate federal, state, local tribal, foreign, or 
international government agencies charged with national security, law 
enforcement, immigration, intelligence, or other DHS mission-related 
functions in connection with the hiring or retention by such an agency 
of an employee, the issuance of a security clearance, the reporting of 
an investigation of that employee (but only if the System of Records in 
which the investigatory files are maintained allows such disclosure), 
the letting of a contract, or the issuance of a license, grant, loan, 
or other benefit by the requesting agency.
    C. To an actual or potential party or to his or her attorney for 
the purpose of negotiation or discussion on such matters as settlement 
of the case or matter, or discovery proceedings.
    D. To a Congressional office from the record of an individual in 
response to an inquiry from that Congressional office made at the 
request of the individual to whom the record pertains.
    E. To the National Archives and Records Administration or other 
Federal government agencies pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. Sections 2904 and 
2906.
    F. To individual who are obligors or representatives of obligors of 
bonds posted.
    G. To contractors, grantees, experts, consultants, and others 
performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish a DHS mission function related to this system 
of records. Such recipients are required to comply with the Privacy 
Act, 5 U.S.C. 552a, as amended.
    H. To the Department of Justice (DOJ) or other Federal agency for 
purposes of conducting litigation or proceedings

[[Page 31082]]

before any court, adjudicative, or administrative body when (1) DHS; or 
(2) Any employee of DHS in his/her official capacity; or (3) Any 
employee of DHS in his/her individual capacity, where DOJ or DHS has 
agreed to represent the employee; or (4) The United States or any 
agency thereof is a party to the litigation or proceeding, or has an 
interest in such litigation or proceeding.
    I. To appropriate agencies, entities, and persons when (1) it is 
suspected or confirmed that the security or confidentiality of 
information in the system of records has been compromised; (2) DHS has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of harm to economic or property interests, identity 
theft or fraud, or ham to the security or integrity of this system or 
other systems or programs (whether maintained by DHS or another agency 
or entity) that rely upon the compromised information; and (3) the 
disclosure is made to such agencies, entities, and persons when 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Information can be stored in case file folders, cabinets, safes, or 
a variety of electronic or computer databases and storage media.

Retrievability:
    Records may be retrieved by biometrics or select personal 
identifiers, including but not limited to names, identification 
numbers, date of birth, nationality, document number, and address.

Safeguards:
    The system is protected through multi-layer security mechanisms. 
The protective strategies are physical, technical, administrative, and 
environmental in nature, and provide access to control to sensitive 
data, physical access control to DHS facilities, confidentiality of 
communications, authentication of sending parties, and personnel 
screening to ensure that all personnel with access to data are screened 
through background investigations commensurate with the level of access 
required to perform their duties.

Retention and disposal:
    The following proposal for retention and disposal is pending 
approval with National Archives and Records Administration (NARA):
    Records that are stored in an individual's file will be purged 
according to the retention and disposition guidelines that relate to 
the individual's file in DHS/US-VISIT-001, IDENT.
    Testing and training data will be purged when the data is no longer 
required (GRS 20). Electronic records for which the statute of 
limitations has expired for all criminal violations or that are older 
than 75 years will be purged. Fingerprint cards, created for the 
purpose of entering records in the database, will be destroyed after 
data entry. Work Measurement Reports and Statistical Reports will be 
maintained within the guidelines set forth in NCI-95-78-5/2 and NCI-85-
78-1/2 respectively.

System manager(s) and address:
    System Manager, IDENT Program Management Office, US-VISIT Program, 
U.S. Department of Homeland Security, Washington, DC 20528, USA.

Notification procedure:
    To determine whether this system contains records relating to you, 
write to the US-VISIT Privacy Officer, US-VISIT Program, U.S. 
Department of Homeland Security, 245 Murray Lane, SW., Washington, DC 
20528, USA.

Record access procedures:
    The major part of this system is exempted from this requirement 
pursuant to 5 U.S.C. 552a(j)(2) and (k)(2). A determination as to the 
granting or denial of access shall be made at the time a request is 
received. Requests for access to records in this system must be in 
writing, and should be addressed to the US-VISIT Privacy Officer at the 
address in the Notification procedure section above. Such request may 
be submitted either by mail or in person. The envelope and letter shall 
be clearly marked ``Privacy Officer--Access/Redress Request.'' To 
identify a record, the record subject should provide his or her full 
name, date and place of birth; if appropriate, the date and place of 
entry into or departure from the United States; verification of 
identity by submitting a copy of fingerprints if appropriate (in 
accordance with 8 CFR 103.21(b) and/or pursuant to 28 U.S.C. 1746, make 
a dated statement under penalty of perjury as a substitute for 
notarization), and any other identifying information that may be of 
assistance in locating the record. The requestor shall also provide a 
return address for transmitting the records to be released.

Contesting record procedures:
    The major part of this system is exempted from this requirement 
pursuant to U.S.C. 552a(j)(2) and (k)(2). A determination as to the 
granting or denial of a request shall be made at the time a request is 
received. An individual requesting amendment of records maintained in 
this system should direct his or her request to the System Manager 
noted above. The request should state clearly what information is being 
contested, the reasons for contesting it, and the proposed amendment to 
the information.

Record source categories:
    Basic information contained in this system is supplied by 
individuals covered by this system, and from Federal, State, local, 
tribal, or foreign governments; private citizens; and public and 
private organizations.

Exemptions claimed for the system:
    The Secretary of Homeland Security has exempted this system from 5 
U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), 
(e)(4)(H), (e)(5) and (e)(8); (f)(2) through (5); and (g) pursuant to 5 
U.S.C. 552a(j)(2). In addition, the Secretary of Homeland Security has 
exempted portions of this system from 5 U.S.C. 552a(c)(3), (d), (e)(1), 
(e)(4)(G), and (e)(4)(H) pursuant to 5 U.S.C. 552a(k)(2). These 
exemptions apply only to the extent that records in the system are 
subject to exemption pursuant to 5 U.S.C. 552a(j)(2) and (k)(2).

    Dated: May 25, 2007.
Hugo Teufel III,
Chief Privacy Officer.
[FR Doc. 07-2781 Filed 5-31-07; 1:24 pm]
BILLING CODE 4410-10-M