[Federal Register Volume 75, Number 168 (Tuesday, August 31, 2010)]
[Notices]
[Pages 53342-53345]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-21248]


-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[CPCLO Order No. 003-2010]


Privacy Act of 1974; System of Records

AGENCY: Federal Bureau of Investigation, Department of Justice.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a), the 
United States Department of Justice (Department), Federal Bureau of 
Investigation (FBI), proposes to establish a new system of records, the 
Data Integration and Visualization System, JUSTICE/FBI-021, to support 
and enhance data search, integration, presentation, and storage 
capabilities in support of the FBI's multifaceted mission.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), the public is 
given a 30-day period in which to comment. Therefore, please submit any 
comments by September 30, 2010.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments to the Department of Justice, Attn: Privacy Analyst, Office of 
Privacy and Civil Liberties, U.S. Department of Justice, National Place 
Building, 1331 Pennsylvania Ave, NW., Suite 940, Washington, DC 20530-
0001, or by facsimile at 202-307-0693.

FOR FURTHER INFORMATION CONTACT: Erin Page, Assistant General Counsel, 
Privacy and Civil Liberties Unit, Office of the General Counsel, FBI, 
Washington, DC 20535-0001, telephone 202-324-3000.

SUPPLEMENTARY INFORMATION: Threats from terrorism, espionage, cyber 
attacks and more traditional crimes continue to jeopardize the well-
being of our nation and its citizens while criminals continue to find 
new and inventive ways to carry out their reprehensible activities. To 
stay ahead of the threats the FBI continually searches for ways to more 
effectively understand the danger posed by those who threaten harm. The 
FBI has available a number of lawfully collected databases that allow 
it to conduct investigations and analyze intelligence for this purpose. 
Historically, FBI personnel searched individual databases to extract 
relevant information and then compared the extract to other available 
information in order to form a more complete and accurate threat 
picture. This was a time-consuming process and led to possible gaps in 
the collated information.
    Continued threats to the national security of the United States and 
criminal events have strengthened the FBI's resolve to develop more 
efficient methods to analyze FBI data. The Data Integration and 
Visualization System, DIVS, will allow authorized system users to more 
effectively search, integrate, display, maintain, and record relevant 
information in support of the FBI's multifaceted mission. DIVS will 
provide users with the ability to simultaneously conduct searches 
across several databases, extract information, and present the 
integrated results in a format that the user may sort and display in 
various modes. In order to do this, DIVS will contain replications of 
some databases while providing the ability to perform federated queries 
across other databases. DIVS will allow users to save their queries as 
well as create a separate record of relevant identifiers and 
information. One of the results of DIVS will be a new set of records 
that offers an enhanced view of information already contained in FBI 
holdings.
    DIVS will provide a single user interface that incorporates the 
rules of behavior for FBI information systems, tools to ensure access 
controls based on roles and data attributes, entity resolution and 
appropriate metadata tagging. These tools will help ensure data 
accuracy and reliability.
    To enhance the flexibility of the system, DIVS includes a variety 
of routine uses that the FBI has used successfully in sharing 
information from its other record systems. The FBI will

[[Page 53343]]

share information learned through DIVS pursuant to the requirements of 
the Privacy Act and, in the case of its routine uses, when the 
disclosure is compatible with the purpose for which the information was 
compiled.
    In accordance with Privacy Act requirements of 5 U.S.C. 552a(r), 
the Department has provided a report to OMB and to Congress on this new 
system of records.

    Dated: August 20, 2010.
Nancy C. Libin,
Chief Privacy and Civil Liberties Officer.
JUSTICE/FBI-021

SYSTEM NAME:
    Data Integration and Visualization System (DIVS).

SYSTEM CLASSIFICATION:
    Classified, unclassified--law enforcement sensitive, and 
unclassified.

SYSTEM LOCATION:
    Records may be maintained at any location at which the Federal 
Bureau of Investigation (FBI) operates or at which FBI operations are 
supported, including: J. Edgar Hoover Building, 935 Pennsylvania Ave., 
NW., Washington, DC 20535-0001; FBI Academy and FBI Laboratory, 
Quantico, VA 22135; FBI Criminal Justice Information Services (CJIS) 
Division, 1000 Custer Hollow Rd., Clarksburg, WV 26306; and FBI field 
offices, legal attaches, information technology centers, and other 
components listed on the FBI's internet Web site, http://www.fbi.gov. 
Some or all system information may also be duplicated at other 
locations for purposes of system backup, emergency preparedness, and/or 
continuity of operations. Additionally, appropriate offices/employees 
within the Department of Justice that have an official need to know the 
information contained in DIVS in order to perform their duties, may 
also be granted direct access to DIVS.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system encompass all 
individuals who relate in any manner to authorized FBI investigative 
mission activities, including individuals identified in any of multiple 
data sets lawfully collected and/or shared with the FBI. These 
individuals include, but are not limited to subjects, suspects, 
victims, witnesses, complainants, informants, sources, bystanders, law 
enforcement personnel, intelligence personnel, other responders, 
administrative personnel, consultants, relatives, and associates who 
are relevant to an investigation.
    In addition, the categories of individuals covered by this system 
also include persons who are authorized to access and use DIVS.

CATEGORIES OF RECORDS IN THE SYSTEM:
    DIVS contains replications and extractions of information 
maintained by the FBI in other databases. This information is 
replicated or extracted into DIVS in order to provide an enhanced and 
integrated view of that information. DIVS also provides analytic tools 
that can be applied across the multiple data sets in order to integrate 
and visually display, and maintain and record the resultant 
information. Information concerning individuals may be acquired in 
connection with and relating to the varied mission responsibilities of 
the FBI. Depending on the nature and scope of the matter, this 
information may include, among other things: biographical information 
(such as name, alias, race, sex, date of birth, place of birth, social 
security number, driver's license number, other identification numbers, 
addresses, telephone numbers, physical description, photographs); 
biometric information (such as fingerprints); associates and 
affiliations; employment and business information; financial 
information; visa and immigration information; travel; criminal and 
investigative history; and any other information lawfully acquired by 
the FBI.
    DIVS contains records regarding authorized system users, including 
audit log information and records relating to verification or 
authorization of an individual's access to one or more databases. This 
information includes user name, date and time of use, date and time of 
each searched query, search terms and filters, results that the user 
accessed, and a user's permissions and authorizations for particular 
data at that time.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    General authority for FBI mission activities includes: 28 U.S.C., 
Chapter 33, particularly sections 533 and 534; the Uniting and 
Strengthening America by Providing Appropriate Tools Required to 
Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act), Public 
Law 107-56, 115 Stat. 272; the Intelligence Reform and Terrorism 
Prevention Act of 2004 (IRTPA), Public Law 108-458, 118 Stat. 3742; the 
Foreign Intelligence Surveillance Act of 1978 (FISA), Public Law 95-
511, 92 Stat. 1783 (50 U.S.C., Chapter 36); E.O. 13356; E.O. 13388; 28 
CFR 0.85; and Attorney General's Guidelines for Domestic FBI 
Operations. Supplemental authorities relating to particular mission 
activities are found in numerous other Federal statutes, executive 
orders, Federal regulations, and other Executive Branch directives.

PURPOSE(S):
    The purpose of DIVS is to strengthen and improve the methods by 
which the FBI searches for and analyzes information in support of its 
multifaceted mission responsibilities to protect the nation against 
terrorism and espionage and investigate criminal matters. DIVS will 
provide users with the ability simultaneously to conduct searches 
across multiple databases (some of which are ingested directly into and 
exist in DIVS and others of which are searched via DIVS's federated 
query capability), extract and integrate information, and present the 
results in a format that the user may sort and display in various 
modes. DIVS also provides analytic tools that can be applied across the 
multiple data sets in order to integrate and visually display, 
maintain, and record the resultant information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FBI 
as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the 
circumstances or for the purposes described below, to the extent such 
disclosures are compatible with the purposes for which the information 
was collected:
    A. Where a record, either alone or in conjunction with other 
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory in nature--the relevant records may be 
referred to the appropriate federal, state, local, territorial, tribal, 
or foreign law enforcement authority or other appropriate entity 
charged with the responsibility for investigating or prosecuting such 
violation or charged with enforcing or implementing such law.
    B. To any criminal, civil, or regulatory law enforcement authority 
(whether federal, state, local, territorial, tribal, or foreign) where 
the information is relevant to the recipient entity's law enforcement 
responsibilities.
    C. To a governmental entity lawfully engaged in collecting law 
enforcement,

[[Page 53344]]

law enforcement intelligence, or national security intelligence 
information for such purposes.
    D. To any person, organization, or governmental entity in order to 
notify them of a serious terrorist threat for the purpose of guarding 
against or responding to such a threat.
    E. To any person or entity if deemed by the FBI to be necessary in 
order to elicit information or cooperation from the recipient for use 
by the FBI in performance of an authorized law enforcement activity.
    F. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the federal government, when 
necessary to accomplish an agency function related to this system of 
records.
    G. To appropriate officials and employees of a federal agency or 
entity when the information is relevant to a decision concerning the 
hiring, appointment, or retention of an employee; the assignment, 
detail, or deployment of an employee; the issuance, renewal, 
suspension, or revocation of a security clearance; the execution of a 
security or suitability investigation; the letting of a contract; or 
the issuance of a grant or benefit.
    H. To designated officers and employees of state, local, 
territorial, or tribal law enforcement or detention agencies in 
connection with the hiring or continued employment of an employee or 
contractor, where the employee or contractor would occupy or occupies a 
position of public trust as a law enforcement officer or detention 
officer having direct contact with the public or with prisoners or 
detainees, to the extent that the information is relevant and necessary 
to the recipient agency's decision.
    I. In an appropriate proceeding before a court, a grand jury, or 
administrative or adjudicative body, when the Department of Justice 
determines that the records are arguably relevant to the proceeding; or 
in an appropriate proceeding before an administrative or adjudicative 
body when the adjudicator determines the records to be relevant to the 
proceeding.
    J. To an organization or individual in both the public or private 
sector where there is reason to believe the recipient is or could 
become the target of a particular criminal activity or conspiracy or 
other threat, to the extent the information is relevant to the 
protection of life, health, or property. Information may be similarly 
disclosed to other recipients who share the same interests as the 
target or who may be able to assist in protecting against or responding 
to the activity or conspiracy.
    K. In any health care-related civil or criminal case, 
investigation, or matter, information indicating patient harm, neglect, 
or abuse, or poor or inadequate quality of care, at a health care 
facility or by a health care provider, may be disclosed as a routine 
use to any federal, state, local, tribal, foreign, joint, 
international, or private entity that is responsible for regulating, 
licensing, registering, or accrediting any health care provider or 
health care facility, or enforcing any health care-related laws or 
regulations. Further, information indicating an ongoing quality of care 
problem by a health care provider or at a health care facility may be 
disclosed to the appropriate health plan. Additionally, unless 
otherwise prohibited by applicable law, information indicating patient 
harm, neglect, abuse, or poor or inadequate quality of care may be 
disclosed to the affected patient or his or her representative or 
guardian at the discretion of and in the manner determined by the 
agency in possession of the information.
    L. Information relating to health care fraud may be disclosed to 
private health plans, or associations of private health plans, and 
health insurers, or associations of health insurers, for the following 
purposes: To promote the coordination of efforts to prevent, detect, 
investigate, and prosecute healthcare fraud; to assist efforts by 
victims of health care fraud to obtain restitution; to enable private 
health plans to participate in local, regional, and national health 
care fraud task force activities; and to assist tribunals having 
jurisdiction over claims against private health plans.
    M. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    N. To an actual or potential party to litigation or the party's 
authorized representative for the purpose of negotiation or discussion 
of such matters as settlement, plea bargaining, or in informal 
discovery proceedings.
    O. To the news media and the public, including disclosures pursuant 
to 28 CFR 50.2, unless it is determined that release of the specific 
information in the context of a particular case would constitute an 
unwarranted invasion of personal privacy.
    P. To federal, state, local, territorial, tribal, foreign, or 
international licensing agencies or associations which require 
information concerning the suitability or eligibility of an individual 
for a license or permit.
    Q. To the National Archives and Records Administration for purposes 
of records management inspections conducted under the authority of 44 
U.S.C. 2904 and 2906.
    R. To a former employee of the Department for purposes of: 
Responding to an official inquiry by a federal, state, or local 
government entity or professional licensing authority, in accordance 
with applicable Department regulations; or facilitating communications 
with a former employee that may be necessary for personnel-related or 
other official purposes where the Department requires information and/
or consultation assistance from the former employee regarding a matter 
within that person's former area of responsibility.
    S. To such recipients and under such circumstances and procedures 
as are mandated by federal statute or treaty.
    T. To complainants and/or victims to the extent necessary to 
provide such persons with information and explanations concerning the 
progress and/or results of the investigation or case arising from the 
matters of which they complained and/or of which they were a victim.
    U. To appropriate agencies, entities, and persons when (1) it is 
suspected or confirmed that the security or confidentiality of 
information in the system of records has been compromised; (2) DOJ has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of harm to economic or property interests, identity 
theft or fraud, or harm to the security or integrity of this system or 
other systems or programs (whether maintained by the Department or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize or remedy such harm.
    V. To the White House (the President, Vice President, their staffs, 
and other entities of the Executive Office of the President (EOP)), 
and, during Presidential transitions, the President-Elect and Vice-
President Elect and their designees for appointment, employment, 
security, and access purposes compatible with the purposes for which 
the records were collected by the FBI, e.g., disclosure of information 
to assist the White House in making a determination whether an 
individual should be: (1) Granted, denied, or

[[Page 53345]]

permitted to continue in employment on the White House Staff; (2) given 
a Presidential appointment or Presidential recognition; (3) provided 
access, or continued access, to classified or sensitive information; or 
(4) permitted access, or continued access, to personnel or facilities 
of the White House/EOP complex. System records may be disclosed also to 
the White House and, during Presidential transitions, to the President-
Elect and Vice-President Elect and their designees, for Executive 
Branch coordination of activities which relate to or have an effect 
upon the carrying out of the constitutional, statutory, or other 
official or ceremonial duties of the President, President-Elect, Vice-
President or Vice-President Elect.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are stored on paper and/or in electronic 
form. Records are stored securely in accordance with applicable 
executive orders, statutes, and agency implementing recommendations.

RETRIEVABILITY:
    Information is retrieved by an individual's name or other 
identifying information.

SAFEGUARDS:
    Information in this system is safeguarded in accordance with 
appropriate laws, rules, and policies, including the FBI's automated 
systems security and access policies, and access to such information is 
limited to Department personnel, contractors, and other personnel who 
have an official need for access in order to perform their duties. 
Records are maintained in a restricted area and directly accessed only 
by authorized personnel. Electronic records are accessed only by 
authorized personnel with accounts on the FBI's computer network. 
Additionally, direct access to certain information may be restricted 
depending on a user's role and responsibility within the system. Paper 
records are safeguarded in accordance with appropriate laws, rules, and 
policies based on the classification and handling restrictions of the 
particular document.

RETENTION AND DISPOSAL:
    Records are retained during their useful life in accordance with 
the records retention schedules approved by the National Archives and 
Records Administration.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Federal Bureau of Investigation, 935 Pennsylvania Ave 
NW., Washington, DC 20535.

NOTIFICATION PROCEDURE:
    Same as Record Access Procedures.

RECORDS ACCESS PROCEDURE:
    The Attorney General has exempted this system of records from the 
notification, access, and contest procedures of the Privacy Act. These 
exemptions apply only to the extent that the information in this system 
is subject to exemption pursuant to 5 U.S.C. 552a (j) and/or (k). Where 
compliance would not appear to interfere with or adversely affect the 
purposes of the system, or the overall law enforcement/intelligence 
process, the applicable exemption (in whole or in part) may be waived 
by the FBI in its sole discretion.
    All requests for access should follow the guidance provided on the 
FBI's Web site at http://foia.fbi.gov/requesting_records.html. 
Individuals may mail, fax, or email a request, clearly marked ``Privacy 
Act Request,'' to the Federal Bureau of Investigation, Attn: FOI/PA 
Request, Record/Information Dissemination Section, 170 Marcel Drive, 
Winchester, VA 22602-4843; Fax: 540-868-4995/6/7; E-mail: (scanned 
copy) [email protected]. The request should include a general 
description of the records sought and must include either a completed 
Department of Justice Certification of Identity Form, DOJ-361, which 
can be located at the above link, or a letter that has been notarized 
which includes: the requester's full name, current and complete 
address, and place and date of birth. In the initial request the 
requester may also include any other identifying data that the 
requester may wish to furnish to assist the FBI in making a reasonable 
search. The request should include a return address for use by the FBI 
in responding; requesters are also encouraged to include a telephone 
number to facilitate FBI contacts related to processing the request. A 
determination of whether a record may be accessed will be made after a 
request is received.

CONTESTING RECORDS PROCEDURE:
    Same as Record Access Procedures. Individuals desiring to contest 
or amend information maintained in the system should also state clearly 
and concisely what information is being contested, the reasons for 
contesting it, and the proposed amendment to the information sought.

RECORD SOURCE CATEGORIES:
    Sources of information contained in this system are derived from 
FBI case files and other law enforcement and intelligence records as 
well as data sets lawfully obtained from other agencies and entities.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    The Attorney General has exempted this system of records from 
subsection (c)(3) and (4); (d)(1), (2), (3) and (4); (e)(1), (2), and 
(3); (e)(4)(G), (H) and (I); (e)(5) and (8); (f) and (g) of the Privacy 
Act. These exemptions apply only to the extent that information in the 
system is subject to exemption pursuant to 5 U.S.C. 552a(j) and/or (k). 
Rules have been promulgated in accordance with the requirements of 5 
U.S.C. 553 (b), (c), and (e) and have been published in today's Federal 
Register.

[FR Doc. 2010-21248 Filed 8-30-10; 8:45 am]
BILLING CODE 4410-02-P