[Federal Register Volume 83, Number 243 (Wednesday, December 19, 2018)]
[Notices]
[Pages 65176-65179]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-27390]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2018-0026]


Privacy Act of 1974; System of Records

AGENCY: Department of Homeland Security.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security (DHS) proposes to modify a current DHS system of 
records titled, ``DHS/ALL-008 Accounts Receivable System of Records.'' 
This system of records allows DHS to collect and maintain records on 
accounts receivable, which enables DHS to have an accurate accounting 
of money it is owed. DHS is updating this system of records notice 
(SORN) to clarify the authorities for collection; and expand the record 
source categories, categories of individuals, and categories of 
records. DHS is also modifying routine use E and

[[Page 65177]]

adding routine use F to comply with the Office of Management and Budget 
(OMB) Memorandum M-17-12. This notice also updates the system location 
and includes non-substantive changes to simplify the formatting and 
text of the previously published notice. This modified system will be 
included in DHS's inventory of record systems.

DATES: Submit comments on or before January 18, 2019. This modified 
system will be effective upon publication. New or modified routine uses 
will be effective January 18, 2019.

ADDRESSES: You may submit comments, identified by docket number DHS-
2018-0026 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Philip S. Kaplan, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528-0655.
    Instructions: All submissions received must include the agency name 
and docket number DHS-2018-0026. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions and for privacy 
issues, please contact: Philip S. Kaplan, [email protected], (202) 
343-1717, Chief Privacy Officer, Privacy Office, Department of Homeland 
Security, Washington, DC 20528-0655.

SUPPLEMENTARY INFORMATION: 

I. Background

    DHS is modifying and reissuing the DHS/ALL-008 Accounts Receivable 
SORN. This system consists of both electronic and paper records 
collected and used by DHS and its Components and offices to maintain 
accounts receivable information. This information assists DHS in 
meeting its obligation to manage Departmental funds and ensures that 
the Department has an accurate accounting of all the money that it is 
owed to the Department.
    DHS is updating this SORN to clarify its authorities to collect 
accounts receivable information. DHS is also updating this SORN to 
reflect changes to the data elements collected by Components when 
assessing debts owed and the ability of individuals to repay those 
debts. DHS is updating the category of individuals to include household 
members of debtors, which allows DHS to better assess the ability of 
debtors to repay money owed by taking into account financial 
contributions from spouses and children over 18 years of age. DHS is 
updating the category of records to include debtor date of birth, 
debtor employer information, debtor spouse information, and name and 
age of household dependents. DHS is also including in the categories of 
records and record source categories information accessed from the 
Department of Treasury's ``Do Not Pay'' program. The ``Do Not Pay'' 
program determines if a previous payment by DHS was improper, and thus 
in need of recoupment, by checking death records, federal debt records, 
and lists of sanctioned individuals. The DHS/ALL-008 Accounts 
Receivable system location was also updated to reflect the fact that 
financial management activities for DHS are now processed solely at DHS 
facilities. This SORN also modifies routine use ``E'' and adds routine 
use ``F'' to be in conformity with OMB Memorandum M-17-12. 
Additionally, this notice includes non-substantive changes to simplify 
the formatting and text of the previously published notice.
    Consistent with DHS's information sharing mission, information 
stored in DHS/ALL-008 Accounts Receivable may be shared with other DHS 
Components that have a need to know the information to carry out their 
national security, law enforcement, immigration, intelligence, or other 
homeland security functions. In addition, DHS may share information 
with appropriate Federal, state, local, tribal, territorial, foreign, 
or international government agencies consistent with the routine uses 
set forth in this system of records notice. Further, for awareness, DHS 
may disclose, pursuant to 5 U.S.C. 552a(b)(12), to consumer reporting 
agencies, in accordance with 15 U.S.C. 1681, et seq. or the Federal 
Claims Collection Act of 1966, as amended (31 U.S.C. 3701, et seq.), to 
aid in the collection of outstanding debts owed to the Federal 
Government. Disclosure of records is limited to the individual's name, 
address, tax identification number or Social Security number, and other 
information necessary to establish the individual's identity; the 
amount, status, and history of the claim; and the agency or program 
under which the claim arose. The disclosure will be made only after the 
procedural requirements of 31 U.S.C. 3711(e) have been followed.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which Federal Government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. Additionally, the Judicial Redress Act (JRA) 
provides covered persons with a statutory right to make requests for 
access and amendment to covered records, as defined by the JRA, along 
with judicial review for denials of such requests. In addition, the JRA 
prohibits disclosures of covered records, except as otherwise permitted 
by the Privacy Act.
    Below is the description of the DHS/ALL-008 Accounts Receivable 
System of Records. In accordance with 5 U.S.C. 552a(r), DHS has 
provided a report of this system of records to OMB and to Congress.
SYSTEM NAME AND NUMBER
    Department of Homeland Security (DHS)/ALL-008 Accounts Receivable.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at several Headquarters locations and in 
Component offices of DHS, in both Washington, DC and field offices.

SYSTEM MANAGER(S):
    The Chief Financial Officer, Financial Management Division, [email protected], Department of Homeland Security, Washington, DC 20528.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 5701 et seq., Travel, Transportation, and Subsistence; 19 
U.S.C. 1451; 26 U.S.C. 6401(d); 31 U.S.C. 7701(c); Chief Financial 
Officers Act of 1990, Public Law 101-576; Federal Debt Collection 
Procedures Act of 1990, Public Law 101-647; Debt Collection Improvement 
Act of 1996, Public Law 104-134; Digital Accountability and 
Transparency Act (DATA Act) of 2014, Public Law 113-101, sec. 5; and 6 
CFR part 11, subpart A--Debt Collection.

[[Page 65178]]

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to collect and maintain records of 
debts owed to DHS.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Any individual or organization that is indebted to DHS. This may 
include: (1) Individuals; (2) household members; (3) spouses; and (4) 
employers.

CATEGORIES OF RECORDS IN THE SYSTEM:
     Individual's name;
     Date of birth;
     Tax identification number, which may be a Social Security 
number in certain instances;
     Addresses;
     Phone numbers;
     Email addresses;
     Name of employer;
     Waiver of Debt Letter of Appeal;
     Receipts;
     Notices of debts;
     Invoices;
     Record of payments, including refunds and overpayments;
     Records of previous improper payments by DHS;
     Records relevant to determinations of an individual's or 
organization's eligibility to receive payments from the Federal 
Government, including death records, Federal debt records, and status 
of individuals on Federal sanctions lists;
     Number and amount of unpaid or overdue bills;
     Record of satisfaction of debt or referral for further 
action;
     Correspondence and documentation with debtors and 
creditors;
     Electronic financial institution data;
     Household Information:
    [cir] Spouse information:
    [ssquf] Date of birth;
    [ssquf] Basic contact information;
    [ssquf] Tax identification number, which may be a Social Security 
number in certain instances; and
    [ssquf] Name of employer.
    [cir] Dependent information:
    [ssquf] Name;
    [ssquf] Age;
    [ssquf] Relationship.

RECORD SOURCE CATEGORIES:
    Records are obtained from DHS, its Components and offices, and 
individuals submitting supporting documentation for reimbursement. 
Records covered by other systems of records include the Department of 
the Treasury/Bureau of the Fiscal Service .023--Do Not Pay Payment 
Verification Records, 78 FR 73923 (Dec. 9, 2013).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    1. DHS or any Component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity, only when DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when (1) DHS 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DHS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DHS (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DHS's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    F. To another Federal agency or Federal entity, when DHS determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    G. To an appropriate Federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    I. To a Federal, state, or local agency so that the agency may 
adjudicate an individual's eligibility for a benefit.
    J. To the DOJ or other Federal agency for further collection action 
on any delinquent debt when circumstances warrant.
    K. To a debt collection agency for the purposes of debt collection.
    L. To approved Federal, state, and local government agencies for 
any legally mandated purpose in accordance with their authorizing 
statute or law and where an approved Memorandum of Agreement or 
Computer Matching Agreement is in place between DHS and the entity.
    M. To provide information to unions recognized as exclusive 
bargaining representatives under the Civil Service Reform Act of 1978, 
5 U.S.C. 7111 and 7114.
    N. To the Merit Systems Protection Board, arbitrators, the Federal 
Labor Relations Authority, Equal Employment Opportunity Commission, and 
other parties responsible for the administration of the Federal Labor-
Management Relations Program for the purpose of processing any 
corrective actions, grievances, or conducting administrative hearings 
or appeals, or if needed in the performance of other similar authorized 
duties.

[[Page 65179]]

    O. To Federal agencies that provide financial management services 
for DHS Components under a cross-servicing agreement for purposes such 
as budgeting, purchasing, procurement, reimbursement, reporting, and 
collection functions.
    P. To the Government Accountability Office, DOJ, or Offices of the 
United States Attorney, copies of the Debt Collection Officer's file 
regarding the debt and actions taken to attempt to collect monies owed.
    Q. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    DHS stores records in this system electronically or on paper in 
secure facilities in a locked drawer behind a locked door. The records 
may be stored on magnetic disc, tape, and digital media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by an individual's name, tax 
identification number/Social Security number, employee identification 
number, or other personal identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    DHS destroys records six years after final payment or cancellation, 
or longer if required for a business use, in accordance with National 
Archives and Records Administration (NARA) General Records Schedule 
1.1, Financial Management and Reporting Records, item 010, and DAA-GRS-
2013-0003-0001.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    DHS safeguards records in this system according to applicable rules 
and policies, including all applicable DHS automated systems security 
and access policies. DHS has imposed strict controls to minimize the 
risk of compromising the information that is being stored. Access to 
the computer system containing the records in this system is limited to 
those individuals who have a need to know the information for the 
performance of their official duties and who have appropriate 
clearances or permissions.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to and notification of any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Chief Privacy Officer and 
Headquarters or Component's Freedom of Information Act (FOIA) Officer, 
whose contact information can be found at http://www.dhs.gov/foia under 
``Contact Information.'' If an individual believes more than one 
Component maintains Privacy Act records concerning him or her, the 
individual may submit the request to the Chief Privacy Officer and 
Chief Freedom of Information Act Officer, Department of Homeland 
Security, Washington, DC 20528-0655. Even if neither the Privacy Act 
nor the Judicial Redress Act provide a right of access, certain records 
about you may be available under the Freedom of Information Act.
    When an individual is seeking records about himself or herself from 
this system of records or any other Departmental system of records, the 
individual's request must conform with the Privacy Act regulations set 
forth in 6 CFR part 5. The individual must first verify his or her 
identity, meaning that the individual must provide his or her full 
name, current address, and date and place of birth. The individual must 
sign the request, and the individual's signature must either be 
notarized or submitted under 28 U.S.C. 1746, a law that permits 
statements to be made under penalty of perjury as a substitute for 
notarization. While no specific form is required, an individual may 
obtain forms for this purpose from the Chief Privacy Officer and Chief 
Freedom of Information Act Officer, http://www.dhs.gov/foia or 1-866-
431-0486. In addition, the individual should:
     Explain why he or she believes the Department would have 
information on him or her;
     Identify which Component(s) of the Department the 
individual believes may have the information about him or her;
     Specify when the individual believes the records would 
have been created; and
     Provide any other information that will help the FOIA 
staff determine which DHS Component agency may have responsive records.
    If an individual's request is seeking records pertaining to another 
living individual, the person seeking the records must include a 
statement from the subject individual certifying his or her agreement 
for the requestor to access his or her records.
    Without the above information, the Component(s) may not be able to 
conduct an effective search, and the individual's request may be denied 
due to lack of specificity or lack of compliance with applicable 
regulations.

CONTESTING RECORD PROCEDURES:
    For records covered by the Privacy Act or covered JRA records, see 
``Record Access Procedures'' above.

NOTIFICATION PROCEDURES:
    See ``Record Access Procedures.''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    80 FR 58289 (September 28, 2015); 73 FR 61885 (October 17, 2008).

Philip S. Kaplan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2018-27390 Filed 12-18-18; 8:45 am]
 BILLING CODE 9110-9B-P