[Federal Register Volume 76, Number 114 (Tuesday, June 14, 2011)]
[Notices]
[Pages 34732-34736]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-14383]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
[Docket No. DHS-2011-0032]
Privacy Act of 1974; Department of Homeland Security/National
Protection and Programs Directorate--002 Chemical Facility Anti-
Terrorism Standards Personnel Surety Program System of Records
AGENCY: Privacy Office, DHS.
ACTION: Notice of Privacy Act system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, the Department of
Homeland Security proposes to establish a new system of records notice
titled, ``Department of Homeland Security/National Protection and
Programs Directorate--002 Chemical Facility Anti-Terrorism Standards
Personnel Surety Program System of Records.'' This new system of
records collects information on individuals,--facility personnel and
unescorted visitors--who have or are seeking access to restricted areas
and critical assets at high risk chemical facilities and compares this
information to the Terrorist Screening Database, the terrorist
watchlist maintained by the Federal Bureau of Investigation's Terrorist
Screening Center. The Department of Homeland Security is issuing a
Notice of Proposed Rulemaking concurrently with this system of records
elsewhere in the Federal Register to exempt portions of the system of
records from one or more provisions of the Privacy Act because of
criminal, civil, and administrative enforcement requirements. This
newly established system of records will be included in the Department
of Homeland Security's inventory of record systems.
DATES: Submit comments on or before July 14, 2011. This system will be
effective July 14, 2011.
ADDRESSES: You may submit comments, identified by docket number [DHS-
2011-0032] by one of the following methods:
Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
[[Page 34733]]
Fax: 703-483-2999.
Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy
Office, Department of Homeland Security, Washington, DC 20528.
Instructions: All submissions received must include the
agency name and docket number for this rulemaking. All comments
received will be posted without change to http://www.regulations.gov,
including any personal information provided.
Docket: For access to the docket to read background
documents or comments received go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For general questions please contact:
Emily Andrew (703-235-2182), Privacy Officer, National Protection and
Programs Directorate, Department of Homeland Security, Washington, DC
20528. For privacy issues please contact: Mary Ellen Callahan (703-235-
0780), Chief Privacy Officer, Privacy Office, Department of Homeland
Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION:
I. Background
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the
Department of Homeland Security (DHS)/National Protection and Programs
Directorate (NPPD) proposes to establish a DHS system of records
titled, ``DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards
Personnel Surety Program System of Records.''
On October 4, 2006, the President signed the DHS Appropriations Act
of 2007 (the Act), Public Law 109-295. Section 550 of the Act (Section
550) provides DHS with the authority to regulate the security of high-
risk chemical facilities. DHS has promulgated regulations implementing
Section 550, the Chemical Facility Anti-Terrorism Standards (CFATS), 6
CFR part 27.
Section 550 requires that DHS establish Risk Based Performance
Standards (RBPS) as part of CFATS. RBPS-12 (6 CFR 27.230(a)(12)(iv))
requires that regulated chemical facilities implement ``measures
designed to identify people with terrorist ties.'' The ability to
identify individuals with terrorist ties is an inherently governmental
function and requires the use of information held in government-
maintained databases, which are unavailable to high-risk chemical
facilities. Therefore, DHS is implementing the CFATS Personnel Surety
Program, which will allow chemical facilities to comply with RBPS-12 by
implementing ``measures designed to identify people with terrorist
ties.''
The CFATS Personnel Surety Program will work with the DHS
Transportation Security Administration (TSA) to identify individuals
who have terrorist ties by vetting information submitted by each high-
risk chemical facility against the Terrorist Screening Database (TSDB).
The TSDB is the Federal government's consolidated and integrated
terrorist watchlist of known and suspected terrorists, maintained by
the Department of Justice (DOJ) Federal Bureau of Investigation's (FBI)
Terrorist Screening Center (TSC). For more information on the TSDB, see
DOJ/FBI--019 Terrorist Screening Records System, 72 FR 47073 (August
22, 2007).
High-risk chemical facilities or their designees will submit the
information of: (1) Facility personnel who have or are seeking access,
either unescorted or otherwise, to restricted areas or critical assets;
and (2) unescorted visitors who have or are seeking access to
restricted areas or critical assets. These persons, about whom high-
risk chemical facilities and facilities' designees will submit
information to DHS, are referred to in this notice as ``affected
individuals.'' Individual high-risk facilities may classify particular
contractors or categories of contractors either as ``facility
personnel'' or as ``visitors.'' This determination should be a
facility-specific determination, and should be based on facility
security, operational requirements, and business practices.
Information will be submitted to DHS/NPPD through the Chemical
Security Assessment Tool (CSAT), the online data collection portal for
CFATS. The high-risk chemical facility or its designees will submit the
information of affected individuals to DHS through CSAT. The submitters
of this information (``Submitters'') for each high-risk chemical
facility will also affirm, to the best of their knowledge, that the
information is: (1) True, correct, and complete; and (2) collected and
submitted in compliance with the facility's Site Security Plan (SSP) or
Alternative Security Program (ASP), as reviewed and authorized and/or
approved in accordance with 6 CFR 27.245. The Submitter(s) of each
high-risk chemical facility will also affirm that, in accordance with
their Site Security Plans, notice required by the Privacy Act of 1974,
5 U.S.C. Sec. 552a, has been given to affected individuals before
their information is submitted to DHS.
DHS will send a verification of receipt to the Submitter(s) of each
high-risk chemical facility when a high-risk chemical facility: (1)
Submits information about an affected individual for the first time;
(2) submits additional, updated, or corrected information about an
affected individual; and/or (3) notifies DHS that an affected
individual no longer has or is seeking access to that facility's
restricted areas or critical assets.
Upon receipt of each affected individual's information in CSAT,
DHS/NPPD will send a copy of the information to DHS/TSA. Within DHS/
TSA, the Office of Transportation Threat Assessment and Credentialing
(TTAC) conducts vetting against the TSDB for several DHS programs. DHS/
TSA/TTAC will compare the information of affected individuals collected
by DHS (via CSAT) to information in the TSDB. DHS/TSA/TTAC will forward
potential matches to the DOJ/FBI/TSC, which will make a final
determination of whether an individual's information is identified as a
match to a record in the TSDB.
In certain instances, DHS/NPPD may contact a high-risk chemical
facility to request additional information (e.g., visa information)
pertaining to particular individuals in order to clarify suspected data
errors or resolve potential matches (e.g., in situations where an
affected individual has a common name). Such requests will not imply,
and should not be construed to indicate that an individual's
information has been confirmed as a match to a TSDB record.
DHS/NPPD may also conduct data accuracy reviews and audits as part
of the CFATS Personnel Surety Program. Such reviews may be conducted on
random samples of affected individuals. To assist with this activity,
DHS/NPPD may request information pertaining to affected individuals
that was previously provided to DHS/NPPD by high-risk chemical
facilities, in order to confirm the accuracy of that information.
Consistent with the Department's information sharing mission,
information stored in the DHS/NPPD--002 Chemical Facility Anti-
Terrorism Standards Personnel Surety Program System of Records may be
shared with other DHS components, as well as appropriate Federal,
state, local, Tribal, foreign, or international government agencies.
This sharing will only take place after DHS determines that the
receiving component or agency has a need to know the information to
carry out national security, law enforcement, immigration,
intelligence, or other functions consistent with the routine uses set
forth in this system of records notice.
Additionally, DHS is issuing a Notice of Proposed Rulemaking (NPRM)
concurrently with this system of records, to be published elsewhere in
[[Page 34734]]
the Federal Register, to exempt portions of the system of records from
provisions of the Privacy Act because of criminal, civil, and
administrative enforcement requirements.
This newly established system of records will be included in the
Department's inventory of record systems.
II. Privacy Act
The Privacy Act embodies fair information principles in a statutory
framework governing the means by which the United States government
collects, maintains, uses, and disseminates individuals' records. The
Privacy Act applies to information that is maintained in a ``system of
records.'' A ``system of records'' is a group of any records under the
control of an agency for which information is retrieved by the name of
an individual or by some identifying number, symbol, or other
identifying particular assigned to the individual. In the Privacy Act,
individuals are defined to encompass United States citizens and lawful
permanent residents. As a matter of policy, DHS extends administrative
Privacy Act protections to all individuals where systems of records
maintain information on U.S. citizens, lawful permanent residents, and
visitors. Individuals may request access to their own records that are
maintained in a system of records in the possession or under the
control of DHS by complying with DHS Privacy Act regulations, 6 CFR
Part 5.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the type and character of each system
of records that the agency maintains, and the routine uses that are
contained in each system in order to make agency record keeping
practices transparent, to notify individuals regarding the uses to
which their records are put, and to assist individuals to more easily
find such records within the agency. Below is the description of the
DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards Personnel
Surety Program System of Records.
In accordance with 5 U.S.C. 552a(r), DHS has provided a report of
this system of records to the Office of Management and Budget and to
Congress.
System of Records
DHS/NPPD--002
System name:
DHS/NPPD--002 Chemical Facility Anti-Terrorism Standards Personnel
Surety Program System of Records.
Security classification:
Unclassified, sensitive, law enforcement sensitive, for official
use only, and classified.
System location:
Records are maintained at DHS and Component headquarters in
Washington, DC, and at field offices.
Categories of individuals covered by the system:
(1) High-risk chemical facility personnel and unescorted visitors
who have or are seeking access to restricted areas or critical assets
at high-risk chemical facilities (see 6 CFR 27.230(a)(12));
(2) High-risk chemical facility personnel or designees who contact
DHS/NPPD or a Federal law enforcement entity with follow-up questions
regarding submission of an individual's information to DHS/NPPD;
(3) Individuals listed in the TSDB against whom potential or
confirmed matches have been made; and
(4) Individuals who have been or seek to be distinguished from
individuals in the TSDB through redress or other means as a result of
the Personnel Surety Program.
Categories of records in the system:
(1) High-risk chemical facilities are required to submit the
following information on all facility personnel and unescorted visitors
who have or are seeking access to restricted areas or critical assets:
a. U.S. Citizens and Lawful Permanent Residents
i. Full name;
ii. Date of birth; and
iii. Citizenship or Gender.
b. Non-U.S. persons
i. Full name;
ii. Date of birth;
iii. Citizenship; and
iv. Passport information and/or alien registration number.
(2) To reduce the likelihood of false positives in matching against
the TSDB, high-risk chemical facilities may also (optionally) submit
the following information on facility personnel and unescorted visitors
who have or are seeking access to restricted areas or critical assets:
a. Aliases;
b. Gender (for Non-U.S. persons);
c. Place of birth; and
d. Redress Number.
(3) High-risk chemical facilities may submit different information
on individuals who maintain DHS screening program credentials or
endorsements that require TSDB checks equivalent to the checks to be
performed as part of the CFATS Personnel Surety Program. Instead of
submitting the information listed in category (1), above, high risk
chemical facilities may submit the following information for such
individuals:
a. Full name;
b. Date of birth;
c. Name of the DHS program which conducts equivalent vetting
against the TSDB, such as the Transportation Worker Identification
Credential (TWIC) program or the Hazardous Materials Endorsement (HME)
program;
d. Unique number, or other program specific verifying information
associated with a DHS screening program, necessary to verify an
individual's enrollment, such as TWIC Serial Number for the TWIC
program, or Commercial Driver's License (CDL) Number and CDL issuing
state(s) for the HME program; and
e. Expiration date of the credential endorsed or issued by the DHS
screening program.
This alternative is optional--high-risk chemical facilities may
either submit the information listed in category (1) for such
individuals, or may submit the information listed in category (3) for
such individuals.
(4) When high-risk chemical facilities choose to submit the
information listed in category (3), above, they may also (optionally)
submit the following information on facility personnel and unescorted
visitors who have or are seeking access to restricted areas or critical
assets:
a. Aliases;
b. Place of Birth;
c. Gender;
d. Citizenship; and
e. Redress Number.
(5) DHS could collect additional identifying information from a
high-risk chemical facility, as necessary to confirm or clear a
potential match to a TSDB record. Information collected by high-risk
chemical facilities and submitted to DHS for this purpose could include
any information listed in categories (1) through (4), passport
information, visa information, driver's license information, or other
available identifying particulars, used to compare the identity of an
individual being screened with information listed in the TSDB;
(6) In the event that a confirmed match is identified as part of
the CFATS Personnel Surety Program, in addition to other records listed
under the categories of records section of this SORN, DHS will obtain
references to and/or information from other government law enforcement
and
[[Page 34735]]
intelligence databases, or other relevant databases that may contain
terrorism information;
(7) Information necessary to assist in tracking submissions and
transmission of records, including electronic verification that DHS has
received a particular record; and
(8) Information provided by individuals covered by this system in
support of any redress request, including DHS Redress Numbers and/or
any of the above categories of records.
Authority for maintenance of the system:
DHS Appropriations Act of 2007, Section 550, Public Law 109-295,
120 Stat. 1355 (October 4, 2006), as amended; and the Chemical Facility
Anti-Terrorism Standards, 6 CFR part 27 (published April 9, 2007), as
amended.
Purpose(s):
Information is collected to identify persons listed in the TSDB,
who have or are seeking access to restricted areas or critical assets
at high-risk chemical facilities.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b), all or a portion of the records or information contained in
this system may be disclosed outside DHS as a routine use pursuant to 5
U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (including United States Attorney
Offices) or other Federal agency conducting litigation or in
proceedings before any court, adjudicative or administrative body, when
it is necessary to the litigation and one of the following is a party
to the litigation or has an interest in such litigation:
1. DHS or any component thereof;
2. Any employee of DHS in his/her official capacity;
3. Any employee of DHS in his/her individual capacity where the
Department of Justice or DHS has agreed to represent the employee; or
4. The United States, or any agency thereof, is a party to the
litigation or has an interest in such litigation, and DHS determines
that the records are both relevant and necessary to the litigation and
the use of such records is compatible with the purpose for which DHS
collected the records.
B. To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
C. To the National Archives and Records Administration or other
Federal government agencies pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency, organization, or individual for the purpose of
performing audit or oversight operations as authorized by law, but only
such information as is necessary and relevant to such audit or
oversight function.
E. To appropriate agencies, entities, and persons when:
1. DHS suspects or has confirmed that the security or
confidentiality of information in the system of records has been
compromised;
2. The Department has determined that as a result of the suspected
or confirmed compromise there is a risk of harm to economic or property
interests, identity theft or fraud, or harm to the security or
integrity of this system or other systems or programs (whether
maintained by DHS or another agency or entity) or harm to the
individual that relies upon the compromised information; and
3. The disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the Department's
efforts to respond to the suspected or confirmed compromise and
prevent, minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants,
and others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for DHS, when necessary to
accomplish an agency function related to this system of records.
Individuals provided information under this routine use are subject to
the same Privacy Act requirements and limitations on disclosure as are
applicable to DHS officers and employees.
G. To an appropriate Federal, state, Tribal, territorial, local,
international, or foreign law enforcement agency or other appropriate
authority charged with investigating or prosecuting a violation or
enforcing or implementing a law, rule, regulation, or order, where a
record, either on its face or in conjunction with other information,
indicates a violation or potential violation of law, which includes
criminal, civil, or regulatory violations and such disclosure is proper
and consistent with the official duties of the person making the
disclosure.
H. To Federal, state, local, Tribal, territorial, foreign,
multinational, or private sector entities as appropriate to assist in
coordination of terrorist threat awareness, assessment, analysis or
response.
I. To an appropriate Federal, state, Tribal, local, international,
or foreign agency or other appropriate authority regarding individuals
who pose, or are suspected of posing a risk to national security.
J. To an appropriate Federal, state, Tribal, local, international,
foreign agency, other appropriate governmental entities or authority
to:
1. Determine whether an individual is a positive identity match to
an identity in the TSDB;
2. Facilitate operational, law enforcement, or intelligence
responses, if appropriate, when vetted individuals' identities match
identities in the TSDB;
3. Provide information and analysis about terrorist encounters and
known or suspected terrorist associates to appropriate domestic and
foreign government agencies and officials for counterterrorism
purposes; or
4. Perform technical implementation functions necessary for the
CFATS Personnel Surety Program.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records may be maintained at secured government facilities, Federal
contractor locations, or locations of other parties that perform
functions related to the CFATS Personnel Surety Program. Records are
stored on magnetic disc, tape, digital media, and CD-ROM, and may also
be retained in hard copy format in secure file folders or safes.
Retrievability:
Records are retrievable by searching any of the categories of
records listed above. Records may also be retrievable by relevant
chemical facility name, chemical facility location, chemical facility
contact information, and by other facility-specific data points.
Safeguards:
Records in this system are safeguarded in accordance with
applicable rules and policies, including all applicable DHS automated
systems security and access policies. Strict controls have been imposed
to minimize the risk of compromising the information that is being
stored. Access to the computer systems containing the records in this
system is limited to those individuals who have a need to know the
information for the performance of their official duties and who have
appropriate clearances or permissions.
[[Page 34736]]
Retention and disposal:
A proposed schedule for the retention and disposal of records
collected under the DHS/NPPD--002 Chemical Facility Anti-Terrorism
Standards Personnel Surety Program System of Records is being developed
by the DHS and NPPD Offices of Records Management for approval by the
National Archives and Records Administration (NARA).
The length of time DHS/NPPD will retain information on individuals
will be dependent on individual TSDB vetting results. Specifically,
individuals' information will be retained as described below, based on
the individuals' placements into three categories:
(1) Information pertaining to an individual who is not a potential
or confirmed match to a TSDB record will be retained for one year after
a high-risk chemical facility has notified NPPD that the individual no
longer has or is seeking access to the restricted areas or critical
assets of the facility;
(2) Information pertaining to an individual who may originally have
appeared to be a match a TSDB record, but who was subsequently
determined not to be a match, will be retained for seven years after
completion of TSDB matching, or one year after the high-risk chemical
facility that submitted that individual's information has notified DHS/
NPPD that the individual no longer has or is seeking access to the
restricted areas or critical assets of the facility, whichever is
later; and
(3) Information pertaining to an individual who is a positive match
to a TSDB record will be retained for ninety-nine years after
completion of matching activity, or seven years after DHS/NPPD learns
that the individual is deceased, whichever is earlier.
DHS/TSA/TTAC will maintain records within its possession in
accordance with the DHS/TSA-002--Transportation Security Threat
Assessment System of Records, 75 FR 28046 (May 19, 2010). DHS/CBP will
maintain records in its possession in accordance with the DHS/CBP-002--
Global Enrollment System of Records, 71 FR 20708 (April 21, 2006).
DHS/NPPD will also retain records to conduct inspections or audits
under 6 CFR 27.245 and 6 CFR 27.250 to ensure that high-risk chemical
facilities are in compliance with CFATS. These records could include
the names of individuals with access to high-risk chemical facilities'
restricted areas and critical assets, the periods of time during which
high-risk chemical facilities indicate that such individuals have/had
access, and any other information listed elsewhere in this notice, as
appropriate.
The retention periods for these records provide reasonable amounts
of time for law enforcement, intelligence, or redress matters involving
individuals who have or are seeking access to restricted areas or
critical assets at high-risk chemical facilities.
System manager and address:
CFATS Personnel Surety Program Manager, 250 Murray Lane, SW., Mail
Stop 0610, Washington, DC 20528.
Notification procedure:
The Secretary of Homeland Security is proposing to exempt this
system from the notification, access, and amendment procedures of the
Privacy Act. DHS/NPPD, however, will consider individual requests to
determine whether or not information may be released. Individuals
seeking notification of and access to any record contained in this
system of records, or seeking to contest its content, may submit a
request in writing to the DHS/NPPD Freedom of Information Act (FOIA)
Officer, whose contact information can be found at http://www.dhs.gov/foia under ``contacts.''
When seeking records about yourself from this system of records or
any other Department system of records your request must conform with
the Privacy Act regulations set forth in 6 CFR part 5. You must first
verify your identity, meaning that you must provide your full name,
current address, and date and place of birth. You must sign your
request, and your signature must either be notarized or submitted under
28 U.S.C. 1746, a law that permits statements to be made under penalty
of perjury as a substitute for notarization. While no specific form is
required, you may obtain forms for this purpose from the Chief Privacy
Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should provide the
following:
An explanation of why you believe the Department would
have information about you;
Identify which component(s) of the Department you believe
may have the information about you;
Specify when you believe records containing information
about you would have been created;
Provide any other information that will help the FOIA
staff determine which DHS component agency may have responsive records;
and
If your request is seeking records pertaining to another
living individual, you must include a statement from that individual
certifying his/her agreement for you to access his/her records.
Without this bulleted information the component(s) may not be able
to conduct an effective search, and your request may be denied due to
lack of specificity or lack of compliance with applicable regulations.
Record access procedures:
See ``Notification procedure'' above.
Contesting record procedures:
See ``Notification procedure'' above.
Record source categories:
Information is primarily obtained from high-risk chemical
facilities and their designees. High-risk chemical facilities shall
provide notice to each affected individual prior to submission of the
affected individual's information to DHS/NPPD. This will include notice
that additional information may be requested after the initial
submission. Information may also be obtained from other DHS programs
when DHS verifies enrollment of an affected individual in another
vetting or credentialing program. Information may also be obtained from
the DOJ/FBI--019 Terrorist Screening Records System, 72 FR 47073
(August 22, 2007), or from other FBI sources.
Exemptions claimed for the system:
Concurrently with publication of this system of records notice, the
Secretary of Homeland Security is publishing a notice of proposed
rulemaking proposing to exempt this system from the following
provisions of the Privacy Act, subject to the limitations set forth
therein: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H),
(e)(4)(I); and (f). These exemptions are made pursuant to 5 U.S.C.
552a(k)(1) and (k)(2).
Further, DHS derivatively claims some exemptions for this system of
records because it may contain records or information recompiled from
or created from information contained in the TSDB. For more information
on the FBI's Terrorist Screening Records System, see DOJ/FBI--019
Terrorist Screening Records System, 72 FR 47073 (August 22, 2007).
DHS does not claim any exemptions for the information high-risk
chemical facilities (or their designees) submit to DHS as part of this
system of records.
Dated: June 6, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-14383 Filed 6-13-11; 8:45 am]
BILLING CODE 9110-9P-P