[Federal Register Volume 74, Number 232 (Friday, December 4, 2009)]
[Rules and Regulations]
[Pages 63944-63946]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-28910]



[[Page 63943]]

-----------------------------------------------------------------------

Part V





Department of Homeland Security





-----------------------------------------------------------------------



6 CFR Part 5



Privacy Act of 1974: Implementation of Exemptions; Final Rules

  Federal Register / Vol. 74 , No. 232 / Friday, December 4, 2009 / 
Rules and Regulations  

[[Page 63944]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2009-0045]


Privacy Act of 1974: Implementation of Exemptions; Department of 
Homeland Security/National Protections and Programs Directorate/U.S. 
Visitor and Immigrant Status Indicator Technology--001 Arrival and 
Departure Information System of Records

AGENCY: Privacy Office, DHS.

ACTION:  Final rule.

-----------------------------------------------------------------------

SUMMARY:  The Department of Homeland Security is issuing a final rule 
to amend its regulations to exempt portions of a Department of Homeland 
Security/National Protections and Programs Directorate/U.S. Visitor and 
Immigrant Status Indicator Technology system of records entitled the 
``Department of Homeland Security/National Protections and Programs 
Directorate/U.S. Visitor and Immigrant Status Indicator Technology--001 
Arrival and Departure Information System of Records'' from certain 
provisions of the Privacy Act. Specifically, the Department exempts 
portions of the Department of Homeland Security/National Protections 
and Programs Directorate/U.S. Visitor and Immigrant Status Indicator 
Technology--001 Arrival and Departure Information system of records 
from one or more provisions of the Privacy Act because of criminal, 
civil, and administrative enforcement requirements.

DATES:  Effective Date: This final rule is effective December 4, 2009.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Paul Hasson (202-298-5021), Privacy Officer, U.S. Visitor and Immigrant 
Status Indicator Technology, Washington, DC 20598. For privacy issues 
please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy 
Officer, Privacy Office, U.S. Department of Homeland Security, 
Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

    The Department of Homeland Security (DHS) published a notice of 
proposed rulemaking in the Federal Register, 72 FR 46921, August 22, 
2007, proposing to exempt portions of the system of records from one or 
more provisions of the Privacy Act because of criminal, civil, and 
administrative enforcement requirements. The system of records is the 
DHS/National Protections and Programs Directorate (NPPD)/U.S. Visitor 
and Immigrant Status Indicator Technology (US-VISIT)--001 Arrival and 
Departure Information system. The DHS/NPPD/US-VISIT--001 Arrival and 
Departure Information system of records notice was published 
concurrently in the Federal Register, 72 FR 47057, August 22, 2007. 
Comments were invited on both the notice of proposed rulemaking and the 
system of records notice. Public comments were received on the notice 
of proposed rulemaking and system of records notice.

Comments on the Notice of Proposed Rulemaking

    DHS received eleven comments on the notice of proposed rulemaking 
(NPRM) (72 FR 46921, August 22, 2007) and seven comments on the system 
of records notice (SORN) (72 FR 47057, August 22, 2007). The NPRM and 
SORN received identical comments twice from the same two individuals. 
One comment was related to permanent resident alien cards and is 
unrelated to the proposed rulemaking. Two additional comments contained 
individuals' personal opinions on DHS' status within the Federal 
government that are unrelated to the proposed rulemaking. Several other 
commenters complained of the Department's use of Privacy Act exemptions 
under the Freedom of Information Act (FOIA). The SORN and NPRM relate 
to the Privacy Act and not FOIA. The proposed exemptions are standard 
law enforcement and national security exemptions currently being 
exercised by a large number of Federal law enforcement and intelligence 
agencies. Moreover, in appropriate circumstances the applicable 
exemptions may be waived, when compliance would not appear to interfere 
with or adversely affect the enforcement process.
    Below is an analysis of each comment that specifically relate to 
this NPRM that is not addressed directly above.
    An initial commenter expressed concern that inaccurate and 
irrelevant information could falsely target innocent individuals. DHS 
notes that occasionally in the course of an investigation into 
potential violations of Federal law, the accuracy of information 
obtained or introduced may be unclear, or the information may not be 
strictly relevant or necessary to a specific investigation, but in the 
interest of effective law enforcement, it is appropriate for the DHS/
NPPD/US-VISIT--001 Arrival and Departure Information system of records 
to retain all information that may aid in establishing patterns of 
unlawful activity. The DHS/NPPD/US-VISIT--001 Arrival and Departure 
Information system of records information serves as another important 
tool to support better determinations concerning potentially high-risk 
travelers that may require additional screening.
    Another commenter stated that information in the background section 
of the notice, specifically a routine use for information sharing with 
the intelligence community, sharing to prevent identity theft, and 
sharing with foreign governments, was not present in the body of the 
SORN. This statement is inaccurate and sharing for those purposes can 
be found in routine use A, B, G and H. The commenter further states 
that there is no language in the SORN relating to the retention period 
for the DHS/NPPD/US-VISIT--001 Arrival and Departure Information system 
of records data. This statement is also inaccurate and information 
relating to the retention period can be found under the Retention and 
Disposal section of the SORN. Further, the commenter goes on to contest 
the purpose and use of the information maintained in the DHS/NPPD/US-
VISIT--001 Arrival and Departure Information system of records and all 
information within the SORN and disagrees with the language and 
truthfulness of the Department's justification. DHS has provided 
accurate information regarding purpose and use of information as well 
as all other information in the DHS/NPPD/US-VISIT--001 Arrival and 
Departure Information system of records.
    One commenter suggested that the proposed exemptions could allow 
for errors and inaccuracy of information. DHS advises that travelers 
who believe that the information contained in the DHS/NPPD/US-VISIT--
001 Arrival and Departure Information system of records or in any other 
DHS systems is erroneous may request correction of that information 
through the Traveler Redress Inquiry Program (TRIP) at http://www.dhs.gov/trip or via mail, facsimile, or e-mail in accordance with 
instructions provided on the Web site listed above or contact DHS/NPPD/
US-VISIT directly.
    Another commenter suggested that the potential for error and abuse 
is enormous because the information is regarded as being about non-
citizens only. DHS extends administrative Privacy Act protections to 
individuals where information is maintained on both U.S. citizens, 
lawful permanent residents, and visitors, on whom a system of records 
maintains

[[Page 63945]]

information. This is the case with the DHS/NPPD/US-VISIT--001 Arrival 
and Departure Information system of records and the reason DHS has 
issued the NPRM and SORN.
    A concluding commenter stated that ``We have a right and a duty to 
ensure that we do not relinquish our Constitutional rights.'' DHS 
agrees and has established a number of administrative and policy checks 
and balances to further ensure that the use of the DHS/NPPD/US-VISIT--
001 Arrival and Departure Information system of records information 
remains within the appropriate bounds of the mission of DHS. In 
conjunction with the SORN published in the Federal Register 72 FR 
47057, August 22, 2007, DHS has also posted on its Web site an updated 
Privacy Impact Assessment that fully informs the public about the uses 
of the DHS/NPPD/US-VISIT--001 Arrival and Departure Information system 
of records including the privacy risks and the mitigation approaches to 
address any identified risks.

Comments on the System of Records Notice 72 FR 47057, August 22, 2007

    Below is an analysis of each comment that specifically relate to 
this SORN that is not addressed directly above.
    An initial commenter suggested that the routine uses permitting the 
sharing of information contained in the DHS/NPPD/US-VISIT--001 Arrival 
and Departure Information system of records should be clarified or 
expanded to include sharing with companies that have posted immigration 
bonds pertaining to aliens ``based on the traditional notions of 
fairness.'' DHS notes that access to the DHS/NPPD/US-VISIT--001 Arrival 
and Departure Information system of records information is strictly 
regulated. Sharing ``based on the traditional notion of fairness'' is 
not within DHS' mission or based on a need to know. In addition to 
those disclosures generally permitted under 5 U.S.C. 552a(b) of the 
Privacy Act and the routine uses outlined in the SORN, and consistent 
with DHS' information sharing limitations, all or a portion of the 
records or information contained in the DHS/NPPD/US-VISIT--001 Arrival 
and Departure Information system of records may be shared with other 
DHS components or outside of DHS with appropriate Federal, State, 
local, tribal, foreign, or international government agencies, or party 
after DHS determines that the receiving agency or party has a need to 
know the information to carry out national security, law enforcement, 
immigration, intelligence, or other functions consistent with the 
routine uses set forth in the SORN for the DHS/NPPD/US-VISIT--001 
Arrival and Departure Information system of records.
    Another commenter expressed that the exemption of one or more 
provisions of the Privacy Act is not necessary because information in 
the DHS/NPPD/US-VISIT--001 Arrival and Departure Information system of 
records record is already known to the subject. While this is generally 
true, individuals who desire access to their information in the DHS/
NPPD/US-VISIT--001 Arrival and Departure Information system of records 
may submit a request to gain access.
    DHS carefully reviewed all the public comments and the 
recommendations within the public comments. DHS has determined that 
since the information in the DHS/NPPD/US-VISIT--001 Arrival and 
Departure Information system of records is used primarily to facilitate 
the investigation of subjects of interest who may have violated their 
immigration status by remaining in the United States beyond their 
authorized stay; thereby supporting the several and varied missions and 
functions of DHS, including but not limited to: the enforcement of 
civil and criminal laws (including the immigration law); 
investigations, inquiries; national security and intelligence 
activities in support of the DHS mission to identify and prevent acts 
of terrorism against the United States, it is important that the 
exemptions remain in place and be waived only when compliance would not 
interfere with or adversely affect the law enforcement purposes of the 
system and the overall law enforcement process.
    Having taken into consideration public comments resulting from this 
NPRM and SORN, as well as the Department's position on these public 
comments, DHS will implement the rulemaking as proposed.

List of Subjects in 6 CFR Part 5

    Freedom of information; Privacy.

0
For the reasons stated in the preamble, DHS amends Chapter I of Title 
6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0
1. The authority citation for part 5 continues to read as follows:

    Authority:  Public Law 107-296, 116 Stat. 2135, 6 U.S.C. 101 et 
seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.


0
2. At the end of Appendix C to Part 5, Exemption of Record Systems 
under the Privacy Act, add the following new paragraph 41 to read as 
follows:

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    41. The DHS/NPPD/US-VISIT--001 Arrival and Departure Information 
system of records notice is a system for the storage and use of 
biographic, biometric indicator, and encounter data consolidated 
from various systems regarding aliens who have applied for entry, 
entered, or departed the United States. Information in the DHS/NPPD/
US-VISIT--001 Arrival and Departure Information system of records 
notice is used primarily to facilitate the investigation of subjects 
of interest who may have violated their immigration status by 
remaining in the United States beyond their authorized stay; thereby 
supporting the several and varied missions and functions of DHS, 
including but not limited to: the enforcement of civil and criminal 
laws (including the immigration law); investigations, inquiries; 
national security and intelligence activities in support of the DHS 
mission to identify and prevent acts of terrorism against the United 
States. The information is collected by, on behalf of, in support 
of, or in cooperation with DHS and its components and may contain 
personally identifiable information collected by other Federal, 
State, local, tribal, foreign, or international government agencies. 
The Secretary of Homeland Security has exempted this system from the 
following provisions of the Privacy Act, subject to the limitations 
set forth in 5 U.S.C. 552a(c)(3) and (4); (d); (e)(1), (e)(2), 
(e)(3), (e)(4)(G), (e)(4)(H), (e)(5) and (e)(8); (f); and (g) 
pursuant to 5 U.S.C. 552a(j)(2). Additionally, the Secretary of 
Homeland Security has exempted this system from the following 
provisions of the Privacy Act, subject to the limitations set forth 
in 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H); and (f) 
pursuant to 5 U.S.C. 552a(k)(1), (k)(2), (k)(3) and (k)(5). 
Exemptions from these particular subsections are justified, on a 
case-by-case basis to be determined at the time a request is made, 
for the following reasons:
    (a) From subsection (c)(3) and (4) (Accounting for Disclosures) 
because release of the accounting of disclosures could alert the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of the 
investigation; and reveal investigative interest on the part of DHS 
as well as the recipient agency. Disclosure of the accounting would 
therefore present a serious impediment to law enforcement efforts 
and/or efforts to preserve national security. Disclosure of the 
accounting would also permit the individual who is the subject of a 
record to impede the investigation, to tamper with witnesses or 
evidence, and to avoid detection or apprehension, which would 
undermine the entire investigative process.
    (b) From subsection (d) (Access to Records) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation, to the existence of the 
investigation, and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the

[[Page 63946]]

individual who is the subject of a record to impede the 
investigation, to tamper with witnesses or evidence, and to avoid 
detection or apprehension. Amendment of the records could interfere 
with ongoing investigations and law enforcement activities and would 
impose an impossible administrative burden by requiring 
investigations to be continuously reinvestigated. In addition, 
permitting access and amendment to such information could disclose 
security-sensitive information that could be detrimental to homeland 
security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of Federal law, the accuracy of information obtained or 
introduced occasionally may be unclear or the information may not be 
strictly relevant or necessary to a specific investigation. In the 
interests of effective law enforcement, it is appropriate to retain 
all information that may aid in establishing patterns of unlawful 
activity.
    (d) From subsection (e)(2) (Collection of Information from 
Individuals) because requiring that information be collected from 
the subject of an investigation would alert the subject to the 
nature or existence of an investigation, thereby interfering with 
the related investigation and law enforcement activities.
    (e) From subsection (e)(3) (Notice to Subjects) because 
providing such detailed information would impede law enforcement in 
that it could compromise investigations by: revealing the existence 
of an otherwise confidential investigation and thereby provide an 
opportunity for the subject of an investigation to conceal evidence, 
alter patterns of behavior, or take other actions that could thwart 
investigative efforts; reveal the identities of witnesses in 
investigations, thereby providing an opportunity for the subjects of 
the investigations or others to harass, intimidate, or otherwise 
interfere with the collection of evidence or other information from 
such witnesses; or reveal the identity of confidential informants, 
which would negatively affect the informant's usefulness in any 
ongoing or future investigations and discourage members of the 
public from cooperating as confidential informants in any future 
investigations.
    (f) From subsections (e)(4)(G) and (H) (Agency Requirements), 
and (f) (Agency Requirements) because portions of this system are 
exempt from the individual access provisions of subsection (d) for 
the reasons noted above, and therefore DHS is not required to 
establish requirements, rules, or procedures with respect to such 
access. Providing notice to individuals with respect to existence of 
records pertaining to them in the system of records or otherwise 
setting up procedures pursuant to which individuals may access and 
view records pertaining to themselves in the system would undermine 
investigative efforts and reveal the identities of witnesses, and 
potential witnesses, and confidential informants.
    (g) From subsection (e)(5) (Collection of Information) because 
in the collection of information for law enforcement purposes it is 
impossible to determine in advance what information is accurate, 
relevant, timely, and complete. Compliance with (e)(5) would 
preclude DHS agents from using their investigative training and 
exercise of good judgment to both conduct and report on 
investigations.
    (h) From subsection (e)(8) (Notice on Individuals) because 
compliance would interfere with DHS' ability to obtain, serve, and 
issue subpoenas, warrants, and other law enforcement mechanisms that 
may be filed under seal, and could result in disclosure of 
investigative techniques, procedures, and evidence.
    (i) From subsection (g) (Civil Remedies) to the extent that the 
system is exempt from other specific subsections of the Privacy Act 
relating to individuals' rights to access and amend their records 
contained in the system. Therefore DHS is not required to establish 
rules or procedures pursuant to which individuals may seek a civil 
remedy for the agency's: refusal to amend a record; refusal to 
comply with a request for access to records; failure to maintain 
accurate, relevant, timely and complete records; or failure to 
otherwise comply with an individual's right to access or amend 
records.

    Dated: November 25, 2009.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. E9-28910 Filed 12-3-09; 8:45 am]
BILLING CODE 9110-9P-P