[Federal Register Volume 84, Number 87 (Monday, May 6, 2019)]
[Notices]
[Pages 19808-19812]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-09204]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[CPCLO Order No. 003-2019]


Privacy Act of 1974; Systems of Records

AGENCY: Federal Bureau of Prisons, United States Department of Justice.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management 
and Budget (OMB) Circular No. A-108, notice is hereby given that the 
Federal Bureau of Prisons (hereinafter Bureau or BOP), a component 
within the United States Department of Justice (DOJ or Department), 
proposes to modify a system of records notice titled, ``Inmate Central 
Records System,'' JUSTICE/BOP-005, last modified on May 25, 2017.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
effective upon publication, subject to a 30-day period in which to 
comment on the routine uses, described below. Please submit any 
comments by June 5, 2019.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments by mail to the United States Department of Justice, Office of 
Privacy and Civil Liberties, ATTN: Privacy Analyst, National Place 
Building, 1331 Pennsylvania Avenue NW, Suite 1000, Washington, DC 
20530, by facsimile at 202-307-0693, or by email at 
[email protected]. To ensure proper handling, please 
reference the above CPCLO Order No. on your correspondence.

FOR FURTHER INFORMATION CONTACT: Eugene Baime, Supervisory Attorney, 
Freedom of Information Act and Privacy Act Section, Office of General 
Counsel, Federal Bureau of Prisons, 320 First Street NW, Suite 924A, 
Washington, DC 20534, [email protected].

SUPPLEMENTARY INFORMATION: The BOP is modifying the system of records 
to consolidate previously published modifications of the system of 
records into one document to promote transparency. For a detailed list 
of previously published modifications, please review the ``History'' 
section below. Additionally, modifications to the system of records 
have been made to incorporate OMB guidance, technological advancements, 
and a new routine use. Pursuant to OMB Circular No. A-108, various 
sections were rearranged and various section titles were edited. BOP 
moves the System Manager(s) section in the system of records notice, as 
well as edited Policies and Practices for Storing, Retrieving, 
Accessing, Retaining, and Disposing of Records in the System: Storage, 
Retrievability, Safeguards, and Retention and Disposal to the following 
section titles: Policies and Practices for Storage of Records; Policies 
and Practices for Retrieval of Records; Policies and Practices for 
Retrieval of Records; Policies and Practices for Retention and Disposal 
of Records; and Administrative, Technical, and Physical Safeguards. 
Technological advancements, such as the ability to store records in the 
cloud and creation of stronger authentication methods, and 
institutional changes led the BOP to modify and update the Policies and 
Practices for Storage of Records, Policies and Practices for Retrieval 
of Records, Administrative, Technical, and Physical Safeguards, System 
Location, and System Manager(s), and Addresses sections. The new 
routine use will help the Department of Treasury ensure only eligible 
inmates receive federal benefits in accordance with the Improper 
Payments Elimination and Recovery Improvement Act of 2012. 
Additionally, as part of the consolidation, previously published 
routine uses on breach procedures have been added to the Routine Use 
section. Although exemptions from (e)(4)(G) and (e)(4)(I) were 
previously added for law enforcement purposes, guidance on 
retrievability and access procedures remain. The Record Access 
Procedures section is updated to reduce the risk of unauthorized 
disclosures of information.
    The component adds a routine use: Routine use (x) will permit BOP 
to disclose records to the Department of Treasury for the purpose of 
conducting computer matches on behalf of federal agencies to determine 
the eligibility of or validate the entitlement of Bureau

[[Page 19809]]

inmates to receive federal benefits pursuant to applicable federal law. 
One example of such a federal law is the Improper Payments Elimination 
and Recovery Improvement Act of 2012.
    BOP continues to assert the same Privacy Act exemptions as 
previously published in 28 CFR 16.97(j) and (k). Additional exemptions 
from 5 U.S.C. 552a(e)(4)(G) and (e)(4)(I) were added for law 
enforcement purposes. 77 FR 24982 (April 26, 2012).
    Pursuant to updated OMB Guidance, BOP has made administrative edits 
to the order and titles of sections in the notice. The BOP makes a 
slight change in the ``System Location'' section by adding Archive 
Centers to the list of locations. The BOP updates the ``System 
Manager(s)'' and Addresses section to reflect administrative changes. 
Additionally, the BOP makes a slight change in the ``Policies and 
Practices for Storage of Records'' section by adding a secure cloud as 
a location files may be stored. The BOP updates the ``Policies and 
Practices for Retrieval of Records'' section to include additional 
identifying particulars. The BOP makes a slight change in the 
``Administrative, Technical, and Physical Safeguards'' section to 
clarify that access to data is facilitated via strong authentication 
and data is segregated to limit staff's ability to update data absent 
authorization. The BOP updates the ``Record Access Procedures'' to 
include more detail on how one may access records.
    In accordance with 5 U.S.C. 552a(r), the Department has provided a 
report to OMB and Congress on this new system of records.

    Dated: April 30, 2019.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, United States 
Department of Justice.
JUSTICE/BOP--005

SYSTEM NAME AND NUMBER:
    Inmate Central Records System, JUSTICE/BOP--005.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records may be retained at any Department of Justice authorized 
location, including the Central Office, Regional Offices, any of the 
Federal Bureau of Prisons (Bureau) and/or any contractor-operated 
correctional facilities, and National Archive Centers. A list of Bureau 
locations may be found at 28 CFR part 503 and on the internet at http://www.bop.gov. Records may also be maintained in secure cloud computing 
environments.

SYSTEM MANAGER(S):
    Senior Deputy Assistant Director/Chief Information Officer, 
Information, Policy and Public Affairs Division, Federal Bureau of 
Prisons, 320 First Street NW, Washington, DC 20534.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    This system is established and maintained under the authority of 18 
U.S.C. 3621, 4042, 5003 (state inmates), and section 11201 of Chapter 1 
of Subtitle C of Title XI of the National Capital Revitalization and 
Self-Government Improvement Act of 1997 (Pub. L. 105-33; 111 Stat. 
740).

PURPOSE(S) OF THE SYSTEM:
    This system assists the Attorney General and the Bureau of Prisons 
in meeting statutory responsibilities for the safekeeping, care, and 
custody of incarcerated persons. It serves as the primary record system 
on these individuals and includes information critical to the continued 
safety and security of not only incarcerated persons, but also the 
federal prisons and the public.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals currently or formerly under the custody of the Attorney 
General and/or the Director of the Bureau of Prisons, including those 
individuals under custody for criminal and civil commitments.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains records relating to the care, classification, 
subsistence, protection, discipline, and programs of federal inmates. 
Such records may include:
    (1) Computation of sentence and supporting documentation; (2) 
correspondence and other documentation concerning pending charges, and 
wanted status, including warrants; (3) requests from other federal and 
non-federal law enforcement agencies for notification prior to release; 
(4) records of the allowance, forfeiture, withholding and restoration 
of good time; (5) information concerning present offense, prior 
criminal background, sentence and parole; (6) identification data 
including date of birth, Social Security number, driver's license 
number, alien registration number, passports, physical description, 
sex, race, religious preference, photographs, fingerprints, digital 
image, biometric identifiers, drug testing and DNA samples and analysis 
records; (7) institution designation and housing assignments, including 
separation orders, and supporting documentation; (8) work and payroll 
records and benefits information; (9) program selections, assignment 
and performance or progress reports; (10) prison conduct records, 
including information concerning disciplinary actions, participation in 
escapes, assaults, and disturbances; (11) economic, social, and 
religious background, including special religious dietary requirements; 
(12) educational data, including industrial and vocational training; 
(13) physical and mental health data; (14) United States Parole 
Commission orders, actions and related forms; (15) correspondence 
regarding the inmate, including his or her release, adjustment and 
violations; (16) transfer information, including orders and 
transportation arrangements; (17) mail, visiting and telephone records; 
(18) personal property records; (19) safety reports and rules; (20) 
release processing forms and certificates; (21) interview requests; 
(22) litigation related records; (23) investigatory information; (24) 
institution tracking records to locate archived files; (25) referrals 
of non-federal inmates to Bureau custody and/or referrals of Bureau 
inmates to state custody.

RECORD SOURCE CATEGORIES:
    Records are generated by: (1) Individual currently or formerly 
under custody; (2) federal, state, local, territorial, tribal, foreign 
and international law enforcement agencies and personnel; (3) federal 
and state prosecutors, courts and probation services; (4) educational 
institutions; (5) health care providers; (6) relatives, friends, and 
other interested individuals or groups in the community; (7) former or 
future employers; (8) state, local and private corrections staff; and 
(9) Bureau staff and institution contractors and volunteers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records or information contained in 
this system of records may be disclosed as a routine use pursuant to 5 
U.S.C. 552a(b)(3) under the circumstances or for the purposes described 
below, to the extent such disclosures are compatible with the purposes 
for which the information was collected:
    (a) To officers and employees of the Bureau of Prisons and the 
Department of Justice who have a need for the information in the 
performance of their duties;

[[Page 19810]]

    (b) To federal, state, local, territorial, tribal, foreign and 
international law enforcement agencies and court officials for law 
enforcement and court-related purposes such as investigations, possible 
criminal prosecutions, civil court actions, or regulatory or parole 
proceedings, and, prior to release of an inmate, to the chief law 
enforcement officer of the state and local jurisdiction in which the 
released inmate will reside, as required by 18 U.S.C. 4042(b);
    (c) To a court or adjudicative body before which the Department of 
Justice or the Bureau is authorized to appear, or to a private attorney 
authorized by the Department of Justice to represent a Bureau employee, 
when any of the following is a party to litigation or has an interest 
in litigation and such records are determined by the Bureau to be 
arguably relevant to the litigation: (1) The Bureau, or any subdivision 
thereof, or the Department of Justice, or (2) any Department of Justice 
or Bureau employee in his or her official capacity, or (3) any 
Department of Justice or Bureau employee in his or her individual 
capacity where the Department of Justice has agreed to provide 
representation for the employee, or (4) the United States, where the 
Bureau determines that the litigation is likely to affect it or any of 
its subdivisions;
    (d) In an appropriate proceeding before a court or administrative 
or regulatory body when records are determined by the Department of 
Justice to be arguably relevant to the proceeding, including federal, 
state, and local licensing agencies or associations which require 
information concerning the suitability or eligibility of an individual 
for a license, permit, or similar authorization;
    (e) To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
records;
    (f) To victims and/or witnesses, pursuant to federal victim/witness 
legislation and policy requiring the release of information relating to 
an inmate's furlough, parole (including appearance before the United 
States Parole Commission), transfer to a community corrections center, 
mandatory release, expiration of sentence, escape (including 
apprehension), death, and other such release-related information;
    (g) To state agencies and authorities, pursuant to Public Law 98-
135, for the purpose of matching the data against state records to 
review eligibility of these inmates for unemployment compensation; the 
requesting state is to erase the Bureau data after this determination 
has been made;
    (h) To the Social Security Administration (SSA), pursuant to Public 
Law 96-473, for the purpose of matching the data against SSA records to 
enable the SSA to determine the eligibility of Bureau inmates to 
receive benefits under the Social Security Act and for the purpose of 
assisting SSA in providing inmate data to the states administering 
federal benefit programs such as Food Stamps; SSA is to erase the 
Bureau data after the match has been made;
    (i) To the United States Department of Veterans Affairs (VA), for 
the purpose of matching the records against VA records to determine the 
eligibility or potential eligibility of Bureau inmates to receive 
veterans' benefits and/or services;
    (j) To the Federal Aviation Administration (FAA), pursuant to 
Public Law 100-690, for the purpose of matching the data against FAA 
records to determine the eligibility of Bureau inmates to hold and 
obtain airmen certification and qualification;
    (k) To the Internal Revenue Service (IRS) for the purposes of 
matching the data against IRS records for fraud detection;
    (l) To the news media and the public pursuant to 28 CFR 50.2 unless 
it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy;
    (m) To a Member of Congress or staff acting upon the Member's 
behalf when the Member or staff requests the information on behalf of 
and at the request of the individual who is the subject of the record;
    (n) To the National Archives and Records Administration and General 
Services Administration in records management inspections conducted 
under the authority of 44 U.S.C. 2904 and 2906;
    (o) To any person or entity to the extent necessary to prevent 
immediate loss of life or serious bodily injury;
    (p) To a former employee of the Department, pursuant to subsection 
(b)(3) of the Privacy Act, for purposes of: Responding to an official 
inquiry by a federal, state, or local government entity or professional 
licensing authority, in accordance with applicable Department 
regulations; or facilitating communications with a former employee that 
may be necessary for personnel-related or other official purposes where 
the Department requires information and/or consultation assistance from 
the former employee regarding a matter within that person's former area 
of responsibility;
    (q) To the United States Sentencing Commission (USSC) for the 
purpose of providing inmate identification data to enable the USSC to 
perform research and conduct studies;
    (r) To the news media and the public, including disclosures of 
matters solely of general public record, including name, offense, 
sentence data, current and past institution confinements, and release 
date, unless it is determined that release of the specific information 
would constitute an unwarranted invasion of personal privacy;
    (s) To such recipients and under such circumstances and procedures 
as are mandated by federal statute or treaty;
    (t) To federal, state or community health care agencies and 
professionals, including physicians, psychiatrists, psychologists, and 
state and federal medical facility personnel, who are providing 
treatment for a pre-existing condition to former federal inmates, and 
to federal, state, or local health care agencies and professionals for 
the purpose of securing medical or mental health after-care for current 
federal inmates;
    (u) To the Department of State (DOS), for the purpose of matching 
the data against DOS records for detection/prevention of criminal 
activity under 18 U.S.C. 1544;
    (v) To appropriate agencies, entities, and persons when (1) the 
Department suspects or has confirmed that there has been a breach of 
the system of records; (2) the Department has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, DOJ (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm;
    (w) To another Federal agency or Federal entity, when the 
Department determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach; and

[[Page 19811]]

    (x) To the Department of Treasury for the purpose of matching 
federal records on behalf of federal agencies, to determine the 
eligibility of or validate the entitlement of Bureau inmates to receive 
federal benefits pursuant to applicable federal law.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Information maintained in the system is stored in electronic format 
via a configuration of personal computer, client/server, mainframe 
systems, and/or cloud architecture and may be accessed by only those 
staff with a need-to-know at all Bureau and contractor facilities. Some 
information may be stored on computerized media, e.g., hard disk, 
magnetic tape, digital recordings, and/or Compact or Digital Video 
Discs (CD/DVDs). Documentary (paper) records are maintained in manual 
file folders.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by identifying particulars of the persons 
covered by this system, including name, inmate register number, Federal 
Register number, Social Security number, alien registration number, 
system-generated identification number, passport number, vendor number, 
claim number, email address, miscellaneous identification number, 
telephone number or mailing address. Records are also retrievable by 
institution, date, or type of incident.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained for a period of thirty (30) 
years after the expiration of the sentence. Records of an unsentenced 
inmate are retained for a period of ten (10) years after the inmate's 
release from confinement. Documentary records are destroyed by 
shredding; computer records are destroyed by degaussing and/or 
shredding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    System records are maintained in secured access space in BOP-
controlled facilities and offices. Computerized data requires user 
authentication for access and all session traffic is encrypted. All BOP 
personnel are required to pass an extensive background investigation. 
The information in the system is accessed only by authorized DOJ 
personnel or by non-DOJ personnel properly authorized to access the 
system. The system employs role-based access and authentication 
controls and enforcement mechanisms so that each user can access only 
the information appropriate for their role. Some data may be stored in 
a secure cloud environment by a provider authorized under the Federal 
Risk and Authorization Management Program (FedRAMP). Authorized system 
users are subject to adequate physical security controls and built-in 
system controls to protect against unauthorized personnel gaining 
access to the equipment and/or the information stored in it. All 
authorized users are required to agree to Rules of Behavior and Terms 
of Use limiting use of the information in the system to official 
purposes. System audit logs are created and monitored to detect any 
misuse of the system.

RECORD ACCESS PROCEDURES:
    The Attorney General has exempted this system of records from the 
notification, access, amendment, and contest procedures of the Privacy 
Act. These exemptions apply only to the extent that the information in 
this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or 
(k). Where compliance would not appear to interfere with or adversely 
affect the purposes of the system, or the overall law enforcement/
intelligence process, the applicable exemption (in whole or in part) 
may be waived by the BOP in its sole discretion.
    All requests for records may be made by writing to the Director, 
Federal Bureau of Prisons, 320 First Street NW, Washington, DC 20534, 
and should be clearly marked ``Privacy Act Request.'' In addition, the 
requester must provide a notarized statement or an unsworn declaration 
made in accordance with 28 U.S.C. 1746, in the following format: If 
executed outside the United States: ``I declare (or certify, verify, or 
state) under penalty of perjury under the laws of the United States of 
America that the foregoing is true and correct. Executed on [date]. 
[Signature].'' If executed within the United States, its territories, 
possessions, or commonwealths: ``I declare (or certify, verify, or 
state) under penalty of perjury that the foregoing is true and correct. 
Executed on [date]. [Signature].''
    While no specific form is required, requesters may obtain a form 
(Form DOJ-361) for use in certification of identity, available at 
https://www.bop.gov/inmates/docs/certification_of_identity.pdf. In the 
initial request, the requester may also include any other identifying 
data that the requester may wish to furnish to assist the BOP in making 
a reasonable search. The request should include a return address for 
use by the BOP in responding; requesters are also encouraged to include 
a telephone number to facilitate BOP contacts related to processing the 
request. A determination of whether a record may be accessed will be 
made after a request is received.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records maintained in this 
system of records must direct their requests to the address indicated 
in the ``RECORD ACCESS PROCEDURES'' section, above. All requests to 
contest or amend records must be in writing and the envelope and letter 
should be clearly marked ``Privacy Act Amendment Request.'' All 
requests must state clearly and concisely what record is being 
contested, the reasons for contesting it, and the proposed amendment to 
the record. Some information may be exempt from the amendment 
provisions as described in the ``EXEMPTIONS PROMULGATED FOR THE 
SYSTEM'' section, below. An individual who is the subject of a record 
in this system of records may contest or amend those records that are 
not exempt. A determination of whether a record is exempt from the 
amendment provisions will be made after a request is received.
    More information regarding the Department's procedures for amending 
or contesting records in accordance with the Privacy Act can be found 
at 28 CFR 16.46, ``Requests for Amendment or Correction of Records.''

NOTIFICATION PROCEDURES:
    Individuals may be notified if a record in this system of records 
pertains to them when the individuals request information utilizing the 
same procedures as those identified in the ``RECORD ACCESS PROCEDURES'' 
section, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Attorney General has exempted this system from subsections 
(c)(3) and (4); (d); (e)(1), (2), (3), (4)(G), (H), and (I), (5), (8); 
(f); and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j). The 
Attorney General has also exempted this system from subsections (c)(3); 
(d); (e)(1), (e)(4)(G), (H), and (I); and (f) of the Privacy Act 
pursuant to 5 U.S.C. 552a(k)(2). The exemptions will be applied only to 
the extent that the information in the system is subject to exemption 
pursuant to 5 U.S.C. 552a(j) and (k)(2). Rules have been promulgated in 
accordance with the requirements of 5 U.S.C. 553(b), (c) and (e), and 
have been published in the Federal Register.

HISTORY:
    67 FR 31371 (May 9, 2002): Last published in full;

[[Page 19812]]

    72 FR 3410 (January 25, 2007): Added a routine use;
    77 FR 24982 (April 26, 2012): Added routine uses and claimed 
exemptions;
    81 FR 22639 (April 18, 2016): Added a routine use; and
    82 FR 24147 (May 25, 2017): Rescinded 72 FR 3410 and added routine 
uses.
[FR Doc. 2019-09204 Filed 5-3-19; 8:45 am]
 BILLING CODE 4410-36-P