[Federal Register Volume 72, Number 192 (Thursday, October 4, 2007)]
[Notices]
[Pages 56793-56795]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-19461]
[[Page 56793]]
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
[AAG/A Order No. 033-2007]
Privacy Act of 1974; System of Records
AGENCY: Federal Bureau of Investigation, Department of Justice.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) and Office
of Management and Budget (OMB) Circular A-130, notice is hereby given
that the Department of Justice, Federal Bureau of Investigation (FBI),
proposes to establish a new system of records entitled ``Law
Enforcement National Data Exchange (N-DEx),'' DOJ/FBI-020.
DATES: The Privacy Act requires that the public be given 30 days in
which to comment on any new or amended uses of information in a system
of records. In addition, OMB, which has oversight responsibilities
under the Act, and the Congress must be given 40 days in which to
review major changes to Privacy Act systems. Therefore, the public,
OMB, and the Congress are invited to submit written comments on this
new Privacy Act system of records. Comments must be received by
November 13, 2007. The system of records will be effective November 13,
2007 unless comments are received that result in a contrary
determination.
ADDRESSES: Comments may be sent to Joo Chung, Counsel, Privacy and
Civil Liberties Office, Office of the Deputy Attorney General, 950
Pennsylvania Ave., NW., Washington, DC 20530, or facsimile 202-616-
9627.
FOR FURTHER INFORMATION CONTACT: Elizabeth Withnell, Assistant General
Counsel, Privacy and Civil Liberties Unit, Office of the General
Counsel, Federal Bureau of Investigation, 202-324-3396.
SUPPLEMENTARY INFORMATION: The Department of Justice (DOJ) and its
component agency, the FBI, have identified improved information sharing
with the entire law enforcement community as a key goal and the focus
of the Department's Law Enforcement Information Sharing Program
(LEISP). The Law Enforcement National Data Exchange (N-DEx) Program is
at the heart of the LEISP and will improve information sharing for law
enforcement purposes. The N-DEx, operated under the aegis of the FBI's
Criminal Justice Information Services (CJIS) Division, is a scalable
information sharing network that will provide the capability to make
potential linkages between crime incidents, criminal investigations,
arrests, bookings, incarcerations, and parole and/or probation
information in order to help solve, deter and prevent crimes and, in
the process, enhance homeland security.
The N-DEx will be populated by data that is already collected by
law enforcement agencies at the Federal, State, local and tribal levels
in fulfilling their functions, such as incident, offense and case
reports. The N-DEx, however, will facilitate the combination of this
data in one secure repository in order to be reviewed for connections,
trends or similarities that will help facilitate the deterrence,
prevention and resolution of crimes. Each data contributor will provide
information subject to conditions elaborated in a memorandum of
understanding or based on Federal law that are expected to reserve
ultimate control and disposition of the data to the contributing
agencies. Although the N-DEx will facilitate comparisons of seemingly
disparate data, the information may not be used as a basis for action
or disseminated beyond the recipient without that recipient first
obtaining permission of the record owner/contributor. This permission
policy, which may be waived only where there is an actual or potential
threat of terrorism, immediate danger of death or serious physical
injury to any person or imminent harm to national security, will help
ensure that information maintained in the system is verified and
updated as necessary. These rules will be enforced through strong and
consistent audit procedures.
All data contributors will be responsible for ensuring that
information they share is relevant, timely, complete, and accurate and
periodic updates will be required in order to enhance data and system
integrity.
System access will be based on a user's job function in his or her
respective agency and will also be conditioned on access limits
prescribed by the data contributor, which can range from unrestricted
sharing to highly restricted access.
Because the N-DEx contains criminal law enforcement information,
the Attorney General is proposing to exempt this system from certain
portions of the Privacy Act, as permitted by law, to protect sensitive
information contained in this system and to prevent the compromise of
ongoing law enforcement investigations and sources and methods. As
required by the Privacy Act, a proposed rule is being published
concurrently with this notice to seek public comment on the proposal to
exempt this system.
In addition, in accordance with Privacy Act requirements (5 U.S.C.
552a(r)), the Department of Justice has provided a report on this new
system of records to OMB and the Congress. A description of the N-DEx
system of records appears below.
Dated: September 25, 2007.
Lee J. Lofthus,
Assistant Attorney General for Administration.
JUSTICE/FBI-020
System Name:
Law Enforcement National Data Exchange (N-DEx).
Security Classification:
Sensitive But Unclassified.
System Location:
Records will be located at the Federal Bureau of Investigation
(FBI), Criminal Justice Information Services (CJIS) Division, 1000
Custer Hollow Road, Clarksburg, WV 26306, and at appropriate locations
for system back-up and continuity of operations purposes.
Categories of Individuals Covered by the System:
The N-DEx will cover any individual who is identified in a law
enforcement report concerning a crime incident or criminal
investigation. These individuals include, but are not limited to:
Subjects; suspects; associates; victims; persons of interest;
witnesses; and/or any individual named in an arrest, booking, parole
and/or probation report.
Categories of Records in the System:
The N-DEx will contain information collected by criminal justice
agencies that is needed for the performance of their legally
authorized, required function. The records in the system consist of
incident, offense and case reports as well as arrest, booking,
incarceration, and parole and/or probation information from Federal,
State, local and tribal law enforcement entities. Identifying
information in this system will include, but not be limited to:
Name(s); sex; race; citizenship; date and place of birth; address(es);
telephone number(s); social security number(s) or other unique
identifiers; physical description (including height, weight, hair
color, eye color, gender); occupation and vehicle identifiers. Data
from the FBI's CJIS Division, including the National Crime Information
Center (NCIC), the Interstate Identification Index (III), and
Integrated Automated Fingerprint Identification System (IAFIS), will be
made available to the system for queries, but the N-DEx will not
contain copies of these databases.
[[Page 56794]]
The information contributed by Federal, State, local and tribal law
enforcement entities will be formatted using the National Information
Exchange Model (NIEM), a single standard Extensible Markup Language
(XML) foundation for exchanging information between agencies, in order
to facilitate information sharing.
Authority for Maintenance of the System:
The system is established and maintained in accordance with 28
U.S.C. 533, 534; 28 CFR 0.85 and 28 CFR part 20.
Purpose(s):
The purpose of the N-DEx system is to enhance the interconnectivity
of criminal justice databases in order to improve the sharing of
multiple levels of criminal justice data to further criminal justice
objectives for crime analysis, law enforcement administration, and
strategic/tactical operations in investigating, reporting, solving, and
preventing crime, and, thereby, improving homeland security. The N-DEx
system will allow Federal, State, local and tribal law enforcement
agencies to compare and/or link criminal incidents and/or
investigations occurring in their own jurisdictions with those in other
jurisdictions throughout the country.
Routine Uses of Records Maintained in the System, Including categories
of Users and the Purposes of such uses:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside the FBI
as a routine use pursuant to 5 U.S.C. 552a(b)(3), to the extent such
disclosures are compatible with the purpose for which the information
was collected, in accordance with any blanket routine uses established
for FBI record systems. For current blanket routine uses, see Blanket
Routine Uses (BRU) Applicable to More Than One FBI Privacy Act System
of Records, Justice/FBI-BRU, published in the Federal Register at 66 FR
33558 (June 22, 2001) and amended at 70 FR 7513 (Feb. 14, 2005).
Routine uses are not meant to be mutually exclusive and may overlap in
some cases. In addition, the FBI may disclose relevant system records
as follows:
A. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, State, local, territorial, tribal, or foreign) where
the information is relevant to the recipient entity's law enforcement
or homeland security responsibilities.
B. To a Federal, State, local, joint, tribal, foreign,
international, or other public agency/organization, or to any person or
entity in either the public or private sector, domestic or foreign,
where such disclosure may facilitate the apprehension of fugitives, the
location of missing persons, the location and/or return of stolen
property or similar criminal justice objectives.
C. To any person or entity in either the public or private sector,
domestic or foreign, if deemed by the FBI to be reasonably necessary to
elicit information or cooperation from the recipient for use in
furthering the purposes of the system.
D. To appropriate agencies, entities, and persons when (1) The
Department of Justice suspects or has confirmed that the security or
confidentiality of information in the system of records has been
compromised; (2) the Department of Justice has determined that as a
result of the suspected or confirmed compromise there is a risk of harm
to economic or property interests, identity theft, or fraud, or harm to
the security or integrity of this system or other systems or programs
(whether maintained by the Department or another agency or entity) that
rely upon the compromised information; and (3) the disclosure made to
such agencies, entities, and persons is reasonably necessary to assist
in connection with the Department of Justice's efforts to respond to
the suspected or confirmed compromise and prevent, minimize, or remedy
such harm.
E. To those agencies, entities and persons the FBI may consider
necessary or appropriate incident to the ensuring the continuity of
government functions in the event of any actual or potential
significant disruption of normal operations.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Not Applicable.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Most information is maintained in electronic form and stored in
computer memory, on disk storage, on computer tape, or other computer
media. However, some information may also be maintained by the
contributing agency in hard copy (paper) or other form.
RETRIEVABILITY:
Information will be retrieved by linkages based on identifying data
collected on involved persons, places and things, and other non-
specific descriptions of circumstances to identify events with a common
modus operandi. This could include individual names or other personal
identifiers.
SAFEGUARDS:
System records are maintained in limited access space in FBI
controlled facilities and offices. Computerized data is password
protected. All FBI personnel are required to pass an extensive
background investigation. The information is accessed only by
authorized DOJ personnel or by non-DOJ personnel properly authorized to
assist in the conduct of an agency function related to these records.
Authorized system users will have adequate physical security and built
in controls to protect against unauthorized personnel gaining access to
the equipment and/or the information stored in it.
RETENTION AND DISPOSAL:
The information within the N-DEx system will be contributed by
Federal, State, local, and tribal law enforcement entities. All
entities will be responsible for ensuring the relevance and currency of
the information they contribute to the system and will have control and
responsibility for the disposition of their own records through a
process that will be documented by a memorandum of understanding or
based upon Federal law. Those portions of the N-DEx that constitute
Federal records will be subject to retention schedules for those
documents that have been approved by the National Archives and Records
Administration (NARA). In addition, N-DEx, itself, will result in the
creation of metadata or an audit log that reflects any correlation
between any of the submitted records, as well as information about user
activity. A schedule for disposition of this metadata will be submitted
to NARA for approval.
SYSTEM MANAGER(S) AND ADDRESS:
Director, Federal Bureau of Investigation, 935 Pennsylvania Ave.,
NW., Washington, DC 20535-0001.
NOTIFICATION PROCEDURES:
Same as Record Access Procedures.
RECORD ACCESS PROCEDURES:
Because this system contains law enforcement records, the records
in this system have been exempted from notification, access, and
amendment to the extent permitted by subsection (j) of the Privacy Act.
An individual who is the subject of one or more records in this system
may be notified of records that are not exempt from notification and,
accordingly, may access those
[[Page 56795]]
records that are not exempt from disclosure. A request for access to a
non-exempt record shall be made in writing with the envelope and the
letter clearly marked ``Privacy Act Request.'' Requests should include
full name and complete address and be signed. To verify the signature
it must be notarized or submitted under 28 U.S.C. 1746, a law that
permits statements to be made under penalty of perjury as a substitute
for notarization. Other identifying data that will assist in making a
proper search of the system may also be submitted. Requests for access
must be addressed to the Record/Information Dissemination Section,
Federal Bureau of Investigation, 935 Pennsylvania Avenue, NW.,
Washington, DC 20535-0001.
A determination on notification and access, in the sole prerogative
of the FBI, will be made at the time a request is received.
CONTESTING RECORD PROCEDURES:
To contest or amend information maintained in the system, an
individual should direct his/her request to the address provided above,
stating clearly and concisely what information is being contested, the
reasons for contesting it, and the proposed amendment to the
information sought.
Some information may be exempt from contesting record procedures as
described in the section titled ``Exemptions Claimed for the System.''
An individual who is the subject of one or more records in this system
may contest and pursue amendment of those records that are not exempt.
A determination whether a record may be subject to amendment will be
made at the time a request is received.
RECORD SOURCE CATEGORIES:
Information contained in the N-DEx system is obtained from Federal,
State, local, and tribal criminal justice agencies.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
The Attorney General has exempted this system from subsection
(c)(3) and (4); (d)(1), (2), (3) and (4); (e)(1), (2), (3), (5) and
(8); and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j)(2). Rules
have been promulgated in accordance with the requirements of 5 U.S.C.
553(b), (c), and (e), and are published in today's Federal Register.
[FR Doc. E7-19461 Filed 10-3-07; 8:45 am]
BILLING CODE 4410-02-P