[Federal Register Volume 77, Number 110 (Thursday, June 7, 2012)]
[Rules and Regulations]
[Pages 33605-33607]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-13778]



 ========================================================================
 Rules and Regulations
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains regulatory documents 
 having general applicability and legal effect, most of which are keyed 
 to and codified in the Code of Federal Regulations, which is published 
 under 50 titles pursuant to 44 U.S.C. 1510.
 
 The Code of Federal Regulations is sold by the Superintendent of Documents. 
 Prices of new books are listed in the first FEDERAL REGISTER issue of each 
 week.
 
 ========================================================================
 

  Federal Register / Vol. 77, No. 110 / Thursday, June 7, 2012 / Rules 
and Regulations  

[[Page 33605]]



DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

6 CFR Part 5

[Docket No. DHS-2011-0057]


Privacy Act of 1974: Implementation of Exemptions; Department of 
Homeland Security Office of Operations Coordination and Planning--003 
Operations Collection, Planning, Coordination, Reporting, Analysis, and 
Fusion System of Records

AGENCY: Privacy Office, DHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security is issuing a final rule to 
amend its regulations to exempt portions of a newly established system 
of records titled ``Department of Homeland Security Office of 
Operations Coordination and Planning-003 Operations Collection, 
Planning, Coordination, Reporting, Analysis, and Fusion System of 
Records'' from certain provisions of the Privacy Act. Specifically, the 
Department exempts portions of the system of records from one or more 
provisions of the Privacy Act because of criminal, civil, and 
administrative enforcement requirements.

DATES: Effective Date: This final rule is effective June 7, 2012.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Michael Page (202-357-7626), Privacy Point of Contact, Office of 
Operations Coordination and Planning, Department of Homeland Security, 
Washington, DC 20528. For privacy issues please contact: Mary Ellen 
Callahan (703-235-0780), Chief Privacy Officer, Privacy Office, 
Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

    The Department of Homeland Security (DHS) Office of Operations 
Coordination and Planning (OPS) published a notice of proposed 
rulemaking (NPRM) in the Federal Register, on November 15, 2010 at 75 
FR 69604, proposing to exempt portions of the system of records from 
one or more provisions of the Privacy Act because of criminal, civil, 
and administrative enforcement requirements. The system of records is 
titled, ``DHS/OPS-003 Operations Collection, Planning, Coordination, 
Reporting, Analysis, and Fusion System of Records.'' The DHS/OPS-003 
Operations Collection, Planning, Coordination, Reporting, Analysis, and 
Fusion system of records notice (SORN) was published concurrently in 
the Federal Register on November 15, 2010 at 75 FR 69689, and comments 
were invited on both the NPRM and SORN.

Public Comments

    DHS/OPS received three comments on the NPRM and three comments on 
the SORN for a total of six comments.

Comments on the NPRM

    DHS/OPS received three comments on the NPRM. The first NPRM comment 
was from an anonymous individual seeking to state an opinion and 
requested no specific action or amendment related to the proposed 
rulemaking. The second NPRM comment was from an anonymous individual 
supporting the proposed rulemaking. The third NPRM comment was from a 
public interest organization that filed comments on the NPRM and SORN 
jointly in a comingled fashion and the comments on the SORN and NPRM 
are addressed as the second SORN comment below.

Comments on the SORN

    DHS/OPS also received three comments on the SORN. The first SORN 
comment was from a media and academic partnership and included the 
following points: (1) It is difficult for the public to comment on the 
merits of the proposed rulemaking because so little information is 
available on fusion centers; (2) the government has failed to make 
available information requested under FOIA (an issue unrelated to this 
proposed rulemaking); (3) the proposed system does not adequately 
protect the public's privacy; (4) the new system will impose 
significant costs (an issue unrelated to this proposed rulemaking); (5) 
there is fusion center mission creep (an issue unrelated to this 
proposed rulemaking); and (6) there are privacy violations in fusion 
center guidelines (an issue unrelated to this proposed rulemaking). 
Many of the points raised by this commenter were unrelated to the 
proposed rulemaking, but the Department will address the above comments 
in whole. The commenter states that there is ``insufficient public 
information available on fusion centers for the public to adequately 
evaluate the effect of the proposed information collection system'' and 
``the expense, mission creep, and privacy effects of the proposed 
database.'' In response to the issues raised by this commenter 
regarding fusion centers: (1) Information on fusion centers can be 
found on the Department's Web page at www.dhs.gov and in the DHS/ALL/
PIA-011 Department of Homeland Security State, Local, and Regional 
Fusion Center Initiative Privacy Impact Assessment (PIA), December 11, 
2008. This PIA provides a detailed discussion and privacy analysis on 
fusion centers and is available at www.dhs.gov/privacy; (2) the 
Department is and will continue to be responsive to FOIA requests. FOIA 
requests may be sent to the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, Department of Homeland Security, 245 Murray 
Drive SW., Building 410, STOP-0655, Washington, DC 20528; and (3) the 
privacy protections of information collected by fusion centers is 
covered by privacy policies of the fusion center. This DHS/OPS-003 
Operations Collection, Planning, Coordination, Reporting, Analysis, and 
Fusion System of Records is not the system of records exclusively 
covering information collections by fusion centers. This system of 
records would only cover information sent to the NOC by fusion centers, 
as well as other information collections beyond information sent to the 
NOC by fusion centers. Components of the Department receiving 
information from fusion centers use their own SORNs on a component-by-
component basis and those SORNs can be found at www.dhs.gov/privacy. 
Each of the officially-designated and operational fusion centers have 
privacy policies that have been found by DHS to be ``at least

[[Page 33606]]

as comprehensive'' as the federal guidelines for protecting privacy 
within the Information Sharing Environment. Many of these policies are 
published on the National Fusion Center Association's public Web site 
at http://www.nfcausa.org. With respect to points 4, 5, and 6, above 
these are not related to this rulemaking. This NPRM and SORN do not 
seek to establish a new information technology (IT) database or to 
collect new information; rather this NPRM and SORN provide transparency 
to OPS practices by pulling together a variety of already existing 
records for a single purpose under a specific authority. It is also 
worth clarifying that this NPRM and SORN do not exclusively cover 
fusion centers for the Department, although the National Operations 
Center (NOC) may receive information from a fusion center. Such 
information may be covered by this NPRM and SORN. Neither the NOC nor 
OPS is a ``Fusion Center.'' The purpose of this system of records and 
its authority are mandated by law (6 U.S.C. 321d) to be ``the principal 
operations center for the Department of Homeland Security.'' Through 
the NOC, OPS provides real-time situational awareness and a common 
operating picture to the Department's leadership and senior management.
    The second SORN comment was from a public interest research center 
that filed comments on the NPRM and SORN jointly in a comingled fashion 
and both are addressed in this section. The commenter raised concerns 
about: (1) Unusually broad purpose; (2) unusually broad authority and 
sharing; (3) contradictory statements about fusion centers as state and 
local entities (an issue unrelated to this proposed rulemaking); (4) 
taking Privacy Act exemptions where disclosure from the individual is 
withheld; (5) removing the use of the Privacy Act exemptions that 
address ``relevant and necessary;'' (6) the new fusion center PIA (an 
issue unrelated to this proposed rulemaking); and (7) the new suitable 
retention and disposal standards. Finally, the commenter recommends the 
creation of an independent oversight mechanism to prevent mission creep 
and uphold reporting requirements (an issue unrelated to this proposed 
rulemaking).
    In response to the comment on broad purpose, authority, and sharing 
of this system of records (1 and 2 above), the Department notes that 
the NOC is authorized by law to be ``the principal operations center 
for the Department of Homeland Security,'' (6 U.S.C. 321d) and this 
system of records allows the NOC to fulfill this mission. Through the 
NOC, OPS provides real-time situational awareness and a common 
operating picture to the Department leadership and senior management. 
The NOC operates 24 hours a day, seven days a week, and 365 days a year 
and coordinates information sharing to help deter, detect, and prevent 
terrorist acts and to manage domestic incidents. With regards to point 
3, DHS is not being contradictory on the nature of fusion centers, 
which are state and local entities. This system of records may maintain 
information received from fusion centers, but only when that 
information is sent to the NOC by fusion centers. Additional 
information on fusion centers can be found on the Department's Web page 
at www.dhs.gov and in the DHS/ALL/PIA-011 Department of Homeland 
Security State, Local, and Regional Fusion Center Initiative PIA, 
December 11, 2008, which addresses privacy analysis on fusion centers 
and is available at www.dhs.gov/privacy.
    DHS' decision to take exemptions to the Privacy Act (point 4) are 
appropriate given the law enforcement nature of the collection and the 
concern that providing access may give individuals the ability to 
contravene legitimate law enforcement activities. DHS also notes that 
as a matter of policy it reviews all Privacy Act requests to determine 
whether or not it can provide access to the information. With regards 
to the comments concerns regarding exemptions from the ``relevant and 
necessary'' standard (point 5), sufficient means do exist to verify the 
accuracy of the data and ensure that incorrect data is not used against 
an individual. System users are trained to verify information obtained 
from the NOC before including it in any analytical reports. 
Verification procedures include direct queries to the source databases 
from which the information was originally obtained, queries of 
commercial or other government databases when appropriate, and 
interviews with individuals or others who are in a position to confirm 
the data. These procedures mitigate the risk posed by inaccurate data 
in the system and raise the probability that such data will be 
identified and corrected before any action is taken against an 
individual. In addition, the source systems from which the NOC obtains 
information may, themselves, have mechanisms in place to ensure the 
accuracy of the data prior to the information being shared, as outlined 
in the ISE.
    The commenter expressed concern about the DHS/ALL/PIA-011 
Department of Homeland Security State, Local, and Regional Fusion 
Center Initiative PIA, December 11, 2008 (point 6) and whether it was 
accurate given this system of records notice. As noted above, this 
system of records does not cover fusion centers, but may receive 
information from fusion centers if it is relevant to the purpose of 
this system of records and the mission of OPS. This PIA is currently 
under review for possible update as required by law. The commenter 
expressed concern about the records retention and disposal standards. 
DHS has an updated records schedule approved by NARA for records 
contained in this system of records, Steady state (normal day-to-day) 
records are kept for five years and destroyed. All records that become 
part of a Phase 2 or 3 event are transferred to the National Archives 
five years after the event or case is closed for permanent retention in 
the National Archives (NARA schedule N1-563-11-010).
    Finally, the commenter recommended that the Department establish 
additional independent oversight for fusion centers beyond what 
currently exists at the Department. This is outside the purview of this 
rulemaking.
    The third and final comment is from a private individual. This 
individual wrote to the Department to explain the circumstances related 
to this individual's arrest by a state law enforcement authority 
resulting in what this individual believes to be faulty information 
received from a state intelligence center. The individual goes on to 
detail issues related to the state's fusion center as it applied to 
this individual's case. The individual requested no specific action or 
amendment related to the proposed rulemaking and the individual's 
comments were unrelated to the proposed rulemaking.
    After careful consideration of public comments, the Department will 
implement the rulemaking as proposed, additionally the Department will 
not update the Systems of Records Notice.

List of Subjects in 6 CFR Part 5

    Freedom of information, Privacy.

    For the reasons stated in the preamble, DHS amends Chapter I of 
Title 6, Code of Federal Regulations, as follows:

PART 5--DISCLOSURE OF RECORDS AND INFORMATION

0
1. The authority citation for Part 5 continues to read as follows:

    Authority:  6 U.S.C. 101 et seq.; Pub. L. 107-296, 116 Stat. 
2135; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. 
Subpart B also issued under 5 U.S.C. 552a.

[[Page 33607]]


0
2. Add at the end of Appendix C to Part 5, the following new paragraph 
``68'':

Appendix C to Part 5--DHS Systems of Records Exempt From the Privacy 
Act

* * * * *
    68. The DHS OPS-003 Operations Collection, Planning, 
Coordination, Reporting, Analysis, and Fusion System of Records 
consists of electronic and paper records and will be used by DHS and 
its components. The DHS OPS-003 Operations Collection, Planning, 
Coordination, Reporting, Analysis, and Fusion System of Records is a 
repository of information held by DHS to serve its several and 
varied missions and functions. This system also supports certain 
other DHS programs whose functions include, but are not limited to, 
the enforcement of civil and criminal laws; investigations, 
inquiries, and proceedings there under; national security and 
intelligence activities; and protection of the President of the U.S. 
or other individuals pursuant to Section 3056 and 3056A of Title 18. 
The DHS OPS-003 Operations Collection, Planning, Coordination, 
Reporting, Analysis, and Fusion System of Records contains 
information that is collected by, on behalf of, in support of, or in 
cooperation with DHS and its components and may contain personally 
identifiable information collected by other federal, state, local, 
tribal, foreign, or international government agencies. This system 
is exempted from the following provisions of the Privacy Act 
pursuant to 5 U.S.C. 552a(k)(1), (k)(2), (k)(3): 5 U.S.C. 
552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); and (f). 
Exemptions from these particular subsections are justified, on a 
case-by-case basis to be determined at the time a request is made, 
for the following reasons:
    (a) From subsection (c)(3) (Accounting for Disclosures) because 
release of the accounting of disclosures could alert the subject of 
an investigation of an actual or potential criminal, civil, or 
regulatory violation to the existence of that investigation and 
reveal investigative interest on the part of DHS as well as the 
recipient agency. Disclosure of the accounting would therefore 
present a serious impediment to law enforcement efforts and/or 
efforts to preserve national security. Disclosure of the accounting 
would also permit the individual who is the subject of a record to 
impede the investigation, to tamper with witnesses or evidence, and 
to avoid detection or apprehension, which would undermine the entire 
investigative process.
    (b) From subsection (d) (Access and Amendment) because access to 
the records contained in this system of records could inform the 
subject of an investigation of an actual or potential criminal, 
civil, or regulatory violation to the existence of that 
investigation and reveal investigative interest on the part of DHS 
or another agency. Access to the records could permit the individual 
who is the subject of a record to impede the investigation, to 
tamper with witnesses or evidence, and to avoid detection or 
apprehension. Amendment of the records could interfere with ongoing 
investigations and law enforcement activities and would impose an 
unreasonable administrative burden by requiring investigations to be 
continually reinvestigated. In addition, permitting access and 
amendment to such information could disclose security-sensitive 
information that could be detrimental to homeland security.
    (c) From subsection (e)(1) (Relevancy and Necessity of 
Information) because in the course of investigations into potential 
violations of federal law, the accuracy of information obtained or 
introduced occasionally may be unclear, or the information may not 
be strictly relevant or necessary to a specific investigation. In 
the interests of effective law enforcement, it is appropriate to 
retain all information that may aid in establishing patterns of 
unlawful activity.
    (d) From subsections (e)(4)(G), (e)(4)(H), and (e)(4)(I) (Agency 
Requirements) and (f) (Agency Rules), because portions of this 
system are exempt from the individual access provisions of 
subsection (d) for the reasons noted above, and therefore DHS is not 
required to establish requirements, rules, or procedures with 
respect to such access. Providing notice to individuals with respect 
to existence of records pertaining to them in the system of records 
or otherwise setting up procedures pursuant to which individuals may 
access and view records pertaining to themselves in the system would 
undermine investigative efforts and reveal the identities of 
witnesses, and potential witnesses, and confidential informants.

    Dated: June 1, 2012.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2012-13778 Filed 6-6-12; 8:45 am]
BILLING CODE 9110-9A-P