[Federal Register Volume 75, Number 70 (Tuesday, April 13, 2010)]
[Notices]
[Pages 18863-18867]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-8316]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2010-0015]


Privacy Act of 1974; Department of Homeland Security 
Transportation Security Administration--006 Correspondence and Matters 
Tracking Records

AGENCY: Privacy Office, DHS.

[[Page 18864]]


ACTION: Notice to alter an existing Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974 the Department of 
Homeland Security is updating and reissuing the Department of Homeland 
Security Transportation Security Administration--006 Correspondence and 
Matters Tracking Records system of records, last published on August 
18, 2003, to reflect necessary programmatic changes. As a result of the 
biennial review of this system, modifications are being made to the 
system of records' authorities, routine uses, data retention and 
disposal, notification procedures, and system location. The Department 
of Homeland Security Transportation Security Administration 
Correspondence and Matters Tracking Records system covers records 
associated with the management, tracking, retrieval, and response to 
incoming correspondence, all outgoing correspondence, memoranda, 
documentation, injuries, claims, and complaints associated with all 
subject matters over which the Transportation Security Administration 
exercises jurisdiction. For example, records pertaining to individuals 
who make a complaint to the agency's contact center are covered by this 
system.
    Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and 
(k)(2) as reflected in the final rule published in the Federal Register 
on June 25, 2004.
    This updated system will continue to be included in the Department 
of Homeland Security's inventory of record systems.

DATES: Submit comments on or before May 13, 2010. This new system will 
be effective May 13, 2010.

ADDRESSES: You may submit comments, identified by docket number DHS-
2010-0015 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 703-483-2999.
     Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.
     Instructions: All submissions received must include the 
agency name and docket number for this rulemaking. All comments 
received will be posted without change to http://www.regulations.gov, 
including any personal information provided.
     Docket: For access to the docket to read background 
documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Peter Pietra ([email protected]), Privacy Officer, Transportation 
Security Administration, TSA-36, 601 South 12th Street, Arlington, VA, 
20598-6036. For privacy issues please contact: Mary Ellen Callahan 
(703-235-0780), Chief Privacy Officer, Privacy Office, U.S. Department 
of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS) Transportation Security 
Administration (TSA) is updating and reissuing a DHS/TSA system of 
records notice titled, DHS/TSA-006 Correspondence Matters Tracking 
System Records (CMTR) (68 FR 49496, August 18, 2003).
    TSA's mission is to protect the nation's transportation systems to 
ensure freedom of movement for people and commerce. To achieve this 
mission, TSA is required to develop and adapt its security programs to 
respond to evolving threats to transportation security. In accordance 
with the biennial review of this system, the following modifications 
are being made:
     TSA is updating the authorities for maintenance of the 
system.
     DHS/TSA is updating the system of records to incorporate 
four DHS standard routines uses. One routine use will allow release of 
information to appropriate agencies, entities, and persons when DHS/TSA 
suspects or has confirmed that the security or confidentiality of 
information in a system of records has been compromised The second 
routine use permits the release of information to the media when there 
exists a legitimate public interest in disclosing information. Release 
under this routine use will require the approval of the Chief Privacy 
Officer in consultation with the counsel. The third routine use allows 
the release of information to a court, magistrate, administrative 
tribunal or opposing counsel or parties where a federal agency is a 
party or has an interest in the litigation or administrative 
proceeding. The fourth routine use allows DHS/TSA to release 
information to a former employee when it is necessary to consult with 
the former employee regarding a matter that is within that person's 
former area of responsibility.
     Additionally, DHS/TSA is revising a routine use that 
currently allows DHS/TSA to release information only to third parties 
during the course of an investigation related to transportation 
security. The revised routine use will allow disclosure to third 
parties for the purposes of investigating any matter before DHS/TSA. 
These changes will allow DHS/TSA to thoroughly and efficiently 
investigate and adjudicate theft or damage claims before the agency, as 
well as complaints about employees. DHS/TSA is also revising a current 
routine use by adding indirect air carriers and other facility 
operators as potential recipients of information about individuals who 
are their employees, job applicants, or contractors, or persons to whom 
they issue identification credentials or grant clearances to secured 
areas in transportation facilities when relevant to such employment, 
application, contract, training or the issuance of such credentials or 
clearances.
    DHS/TSA is removing the routine uses involving sharing with the 
Department of State and other Intelligence Community agencies, 
information relating to persons who may pose a risk to transportation 
or national security. Also removed as a routine use is the sharing of 
information with the Attorney General of the United States concerning 
violations of the Brady Handgun Violence Prevention Act. Both routine 
uses are duplicative.
     The retention and disposal section has been updated to 
reflect the records retention schedule approved by the National 
Archives and Records Administration (NARA).
     The notification section was changed to reflect that 
inquiries regarding whether the applicable system contains records 
about an individual should be directed to TSA's Freedom of Information 
Act (FOIA) Office.
     DHS/TSA updated the system location to reflect the current 
location of the system.
    The CMTR system covers records associated with the management, 
tracking, retrieval, and response to incoming correspondence, all 
outgoing correspondence, memoranda, documentation, injuries, claims, 
and complaints associated with all subject matters over which DHS/TSA 
exercises jurisdiction. For example, records pertaining to individuals 
who make a complaint to the agency's contact center are covered by this 
system. DHS/TSA is revising its system of records to reflect necessary 
programmatic changes.
    Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and 
(k)(2) as reflected in the final rule published in the Federal Register 
on June 25, 2004 (69 FR 35536).
    Consistent with the Privacy Act, information stored in the CMTR 
system may be shared with other DHS

[[Page 18865]]

components, as well as appropriate federal, state, local, tribal, 
foreign, or international government agencies. This sharing will only 
take place after DHS determines that the receiving component or agency 
has a need to know the information to carry out national security, law 
enforcement, immigration, intelligence, or other functions consistent 
with the routine uses set forth in this system of records notice.

II. Privacy

    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses, and disseminates individuals' records. The 
Privacy Act applies to information that is maintained in a ``system of 
records.'' A ``system of records'' is a group of any records under the 
control of an agency for which information is retrieved by the name of 
an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass United States citizens and lawful 
permanent residents. As a matter of policy, DHS extends administrative 
Privacy Act protections to all individuals where systems of records 
maintain information on U.S. citizens, lawful permanent residents, and 
visitors. Individuals may request access to their own records that are 
maintained in a system of records in the possession or under the 
control of DHS by complying with DHS Privacy Act regulations, 6 CFR 
part 5.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency record keeping 
practices transparent, to notify individuals regarding the uses to 
their records are put, and to assist individuals to more easily find 
such files within the agency. Below is the description of the DHS/TSA-
006 CMTR system system of records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
SYSTEM OF RECORDS:
    DHS/TSA-006.

System Name:
    Transportation Security Administration 006 Correspondence and 
Matters Tracking Records (CMTR).

Security classification:
    Sensitive, Classified.

System location:
    Records are maintained at the TSA Office of the Executive 
Secretariat, TSA Headquarters in Arlington, Virginia. Records may also 
be located at the Office of Legislative Affairs, Office of Civil Rights 
and Liberties, Redress Office, and the Office of the Ombudsman (which 
includes the Consumer Response Center (CRC)), to the extent those 
offices maintain matter tracking information. Records may also be 
maintained in other offices at TSA Headquarters and the various TSA 
field offices.

Categories of individuals covered by the system:
    To the extent not covered by any other system, this system covers 
individuals who submit inquiries, comments, complaints, or claims to 
TSA in writing, in person, or by telephone, for response and resolution 
and those with any matter pending before TSA. This includes TSA 
employees, Members of Congress and their staff, officers and employees 
of other Executive branch agencies and the White House, tort and 
property claimants who have filed claims against the Government or TSA, 
stakeholders, passengers in transportation, and members of the public.

Categories of records in the system:
    Correspondence and information related thereto, including name, 
address, and telephone number of individuals contacting TSA; records of 
contacts made by or on behalf of individuals, including inquiries, 
comments, complaints, resumes and letters of reference; staff reports; 
TSA's responses to correspondence and calls; and staff recommendations 
on actions requiring approval or action by a TSA official. The system 
also includes records, including those prepared by TSA employees, 
related to matters under consideration by TSA.

Authority for maintenance of the system:
    5 U.S.C. 301, 28 U.S.C. 1346(b), 1402(b), 2401(b), 2412(c), 2671-
80; 31 U.S.C. 3325, 3332, 3701, 3711, 3721; 49 U.S.C. 114.

Purposes:
    (a) To facilitate and assist in the management, tracking, 
retrieval, and response to incoming correspondence, inquiries, claims, 
and complaints associated with all subject matters over which TSA 
exercises jurisdiction.
    (b) To monitor assignment, disposition, status, and results of 
correspondence, inquiries, claims, and complaints sent to TSA and, 
generally, to review, analyze, investigate, and study trends identified 
by the concerns expressed.
    (c) To facilitate and assist in the management, tracking, and 
retrieval of information associated with matters and issues under 
consideration by TSA.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    A. To the Department of Justice (DOJ) (including United States 
Attorney offices) or other federal agency in anticipation of or 
conducting litigation or in proceedings before any court, adjudicative 
or administrative body, when it is necessary to the litigation and one 
of the following is a party to the litigation or has an interest in 
such litigation:
    1. DHS or any component thereof;
    2. Any current or former employee of DHS in his/her official 
capacity, or
    3. Any current or former employee of DHS in his/her individual 
capacity where DOJ or DHS has agreed to represent the employee, or
    4. The United States or any agency thereof, is a party to the 
litigation or has an interest in such litigation, and DHS determines 
that the records are both relevant and necessary to the litigation and 
the use of such records is compatible with the purpose for which DHS 
collected the records.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration or other 
federal government agencies pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency, organization, or individual for the purpose of 
performing audit or oversight operations as authorized by law, but only 
such information as is necessary and relevant to such audit or 
oversight function.
    E. To appropriate agencies, entities and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of

[[Page 18866]]

harm to economic or property interests, identity theft or fraud, or 
harm to the security or integrity of this system or other systems or 
programs (whether maintained by DHS or another agency or entity) or 
harm to the individual that rely upon the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS when necessary to 
perform an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign agency, including law enforcement, or other appropriate 
authority charged with investigating or prosecuting a violation or 
enforcing or implementing a law, rule, regulation, or order, where a 
record, either on its face or in conjunction with other information, 
indicates a violation or potential violation of law, which includes 
criminal, civil, or regulatory violations and such disclosure is proper 
and consistent with the official duties of the person making the 
disclosure.
    H. To the United States Department of Transportation and its 
operating administrations when relevant or necessary to
    1. Ensure safety and security in any mode of transportation;
    2. Enforce safety- and security-related regulations and 
requirements;
    3. Assess and distribute intelligence or law enforcement 
information related to transportation security;
    4. Assess and respond to threats to transportation;
    5. Oversee the implementation and ensure the adequacy of security 
measures at airports and other transportation facilities;
    6. Plan and coordinate any actions or activities that may affect 
transportation safety and security or the operations of transportation 
operators; or
    7. The issuance, maintenance, or renewal of a license, certificate, 
contract, grant, or other benefit.
    I. To a federal, state, local, tribal, territorial, foreign, or 
international agency, in response to queries regarding persons who may 
pose a risk to transportation or national security; a risk of air 
piracy or terrorism or a threat to airline or passenger safety; or a 
threat to aviation safety, civil aviation, or national security.
    J. To a federal, state, local, tribal, territorial, foreign, or 
international agency, where such agency has requested information 
relevant or necessary for the hiring or retention of an individual, or 
the issuance of a security clearance, license, contract, grant, or 
other benefit.
    K. To a federal, state, local, tribal, territorial, foreign, or 
international agency, if necessary to obtain information relevant to a 
DHS/TSA decision concerning initial or recurrent security threat 
assessment, the hiring or retention of an employee; the issuance of a 
security clearance, license, endorsement, contract, grant, waiver, 
credential, or other benefit and to facilitate any associated payment 
and accounting.
    L. To international and foreign governmental authorities in 
accordance with law and formal or informal international agreement.
    M. To third parties during the course of an investigation into any 
matter before DHS/TSA to the extent necessary to obtain information 
pertinent to the investigation.
    N. To airport operators, aircraft operators, and maritime and 
surface transportation operators, indirect air carriers, and other 
facility operators about individuals who are their employees, job 
applicants, or contractors, or persons to whom they issue 
identification credentials or grant clearances to secured areas in 
transportation facilities when relevant to such employment, 
application, contract, or the issuance of such credentials or 
clearances.
    O. To a debt collection agency for the purpose of debt collection.
    P. To a former employee of DHS, in accordance with applicable 
regulations, for purposes of responding to an official inquiry by a 
federal, state or local government entity or professional licensing 
authority; or facilitating communications with a former employee that 
may be necessary for personnel-related or other official purposes where 
the Department requires information or consultation assistance from the 
former employee regarding a matter within that person's former area of 
responsibility.
    Q. To a court, magistrate, or administrative tribunal where a 
federal agency is a party to the litigation or administrative 
proceeding in the course of presenting evidence, including disclosures 
to opposing counsel or witnesses in the course of civil discovery, 
litigation or settlement negotiations or in connection with criminal 
law proceedings.
    R. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, where there exists a 
legitimate public interest in the disclosure of the information except 
to the extent it is determined that release of the specific information 
in the context of a particular case would constitute an unwarranted 
invasion of personal privacy or a risk to transportation or national 
security.

Disclosure to consumer reporting agencies:
    Privacy Act information may be reported to consumer reporting 
agencies pursuant to 5 U.S.C. 552a(b)(12) for the purpose of collecting 
a debt on behalf of the United States Government.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records may be maintained on paper, audio, and video recordings, 
and in computer accessible storage media. Records may also be stored on 
microfiche and roll microfilm. Records that are sensitive or classified 
are safeguarded in accordance with agency procedures and applicable 
Executive Orders and statutes.

Retrievability:
    Records are retrieved by name, Social security number or other 
assigned identifier of an individual covered by this system.

Safeguards:
    Information in this system is safeguarded in accordance with 
applicable laws, rules and policies. All records are protected from 
unauthorized access through appropriate administrative, physical, and 
technical safeguards. These safeguards include restricting access to 
authorized personnel who have a need-to-know and password protection 
identification features. TSA file areas are locked after normal duty 
hours and the facilities are protected from the outside by security 
personnel.

Retention and disposal:
    In accordance with NARA approved records schedule, N1-560-03-4, 
Contact Center and Ombudsman inquiries are destroyed after three years; 
correspondence files including Congressional correspondence are

[[Page 18867]]

retained permanently; redress records are retained for seven years for 
individuals who were cleared as possible matches, and 99 years for 
individual who were actual matches.

System manager and address:
    Director, Office of the Executive Secretariat, TSA Headquarters, 
601 S. 12th Street, Arlington, VA 20598.

Notification procedure:
    The Secretary of Homeland Security has exempted this system from 
the notification, access, and amendment procedures of the Privacy Act 
because it is a law enforcement system as reflected in the final rule 
published on June 25, 2004 (69 FR 35536). However, TSA will consider 
individual requests to determine whether or not information may be 
released. This, individuals seeking notification of and access to any 
record contained in this system of records, or seeking to contest its 
content, may submit a request in writing to the Headquarters or 
component's FOIA Officer, whose contact information can be found at 
http://www.dhs.gov/foia under ``contacts.'' TSA's FOIA office may be 
reached by mail at Transportation Security Administration, TSA-20, FOIA 
Office, 601 S. 12th Street, Arlington, VA 20598. If an individual 
believes more than one component maintains Privacy Act records 
concerning him/her the individual may submit the request to the Chief 
Privacy Officer, Department of Homeland Security, 245 Murray Drive, 
SW., Building 410, STOP-0655, Washington, DC 20528.
    When seeking records about yourself from this system of records or 
any other Departmental system or records you request must conform with 
the privacy Act regulations set forth in 6 CFR part 5. You must first 
verify your identity, meaning that you must provide your full name, 
current address and data and place of birth. You must sign your 
request, and your signature must be notarized or submitted under 28 
U.S.C. 1746, a law that permits statements to be made under penalty of 
perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Director, 
Disclosure and FOIA, http://www.dhs.gov or 1-866-431-0486. In addition 
you should provide the following:
     An explanation of why you believe the Department would 
have information on you,
     Identify which component(s) of the Department you believe 
may have the information about you,
     Specify when you believe the records would have been 
created,
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records,
     If your request is seeking records pertaining to other 
living individual, you must include a statement from the individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) may not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

Record access procedure:
    Same as ``Notification Procedure'' above.

Contesting record procedures:
    Same as ``Notification Procedure'' above.

Record source categories:
    Records are obtained from calls and correspondence from or on 
behalf of individuals who contact TSA with inquiries, comments, 
complaints, or claims, as well as from TSA employees or contractors and 
witnesses, and other third parties who provide pertinent information 
where applicable. Information may also be collected from documents such 
as records of the contact made with TSA, incident reports, and from 
other sources, such as employers, state and local agencies, other 
federal agencies, and related material for background as appropriate.

Exemptions claimed for the system:
    Portions of this system are exempt under 5 Sec. Sec.  552a(k)(1) 
and (k)(2) as reflected in the final rule published on June 25, 2004 
(69 FR 35536).

Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2010-8316 Filed 4-12-10; 8:45 am]
BILLING CODE 4910-62-P