[Federal Register Volume 84, Number 87 (Monday, May 6, 2019)] [Notices] [Pages 19808-19812] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2019-09204] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF JUSTICE [CPCLO Order No. 003-2019] Privacy Act of 1974; Systems of Records AGENCY: Federal Bureau of Prisons, United States Department of Justice. ACTION: Notice of a Modified System of Records. ----------------------------------------------------------------------- SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, notice is hereby given that the Federal Bureau of Prisons (hereinafter Bureau or BOP), a component within the United States Department of Justice (DOJ or Department), proposes to modify a system of records notice titled, ``Inmate Central Records System,'' JUSTICE/BOP-005, last modified on May 25, 2017. DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is effective upon publication, subject to a 30-day period in which to comment on the routine uses, described below. Please submit any comments by June 5, 2019. ADDRESSES: The public, OMB, and Congress are invited to submit any comments by mail to the United States Department of Justice, Office of Privacy and Civil Liberties, ATTN: Privacy Analyst, National Place Building, 1331 Pennsylvania Avenue NW, Suite 1000, Washington, DC 20530, by facsimile at 202-307-0693, or by email at [email protected]. To ensure proper handling, please reference the above CPCLO Order No. on your correspondence. FOR FURTHER INFORMATION CONTACT: Eugene Baime, Supervisory Attorney, Freedom of Information Act and Privacy Act Section, Office of General Counsel, Federal Bureau of Prisons, 320 First Street NW, Suite 924A, Washington, DC 20534, [email protected]. SUPPLEMENTARY INFORMATION: The BOP is modifying the system of records to consolidate previously published modifications of the system of records into one document to promote transparency. For a detailed list of previously published modifications, please review the ``History'' section below. Additionally, modifications to the system of records have been made to incorporate OMB guidance, technological advancements, and a new routine use. Pursuant to OMB Circular No. A-108, various sections were rearranged and various section titles were edited. BOP moves the System Manager(s) section in the system of records notice, as well as edited Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage, Retrievability, Safeguards, and Retention and Disposal to the following section titles: Policies and Practices for Storage of Records; Policies and Practices for Retrieval of Records; Policies and Practices for Retrieval of Records; Policies and Practices for Retention and Disposal of Records; and Administrative, Technical, and Physical Safeguards. Technological advancements, such as the ability to store records in the cloud and creation of stronger authentication methods, and institutional changes led the BOP to modify and update the Policies and Practices for Storage of Records, Policies and Practices for Retrieval of Records, Administrative, Technical, and Physical Safeguards, System Location, and System Manager(s), and Addresses sections. The new routine use will help the Department of Treasury ensure only eligible inmates receive federal benefits in accordance with the Improper Payments Elimination and Recovery Improvement Act of 2012. Additionally, as part of the consolidation, previously published routine uses on breach procedures have been added to the Routine Use section. Although exemptions from (e)(4)(G) and (e)(4)(I) were previously added for law enforcement purposes, guidance on retrievability and access procedures remain. The Record Access Procedures section is updated to reduce the risk of unauthorized disclosures of information. The component adds a routine use: Routine use (x) will permit BOP to disclose records to the Department of Treasury for the purpose of conducting computer matches on behalf of federal agencies to determine the eligibility of or validate the entitlement of Bureau [[Page 19809]] inmates to receive federal benefits pursuant to applicable federal law. One example of such a federal law is the Improper Payments Elimination and Recovery Improvement Act of 2012. BOP continues to assert the same Privacy Act exemptions as previously published in 28 CFR 16.97(j) and (k). Additional exemptions from 5 U.S.C. 552a(e)(4)(G) and (e)(4)(I) were added for law enforcement purposes. 77 FR 24982 (April 26, 2012). Pursuant to updated OMB Guidance, BOP has made administrative edits to the order and titles of sections in the notice. The BOP makes a slight change in the ``System Location'' section by adding Archive Centers to the list of locations. The BOP updates the ``System Manager(s)'' and Addresses section to reflect administrative changes. Additionally, the BOP makes a slight change in the ``Policies and Practices for Storage of Records'' section by adding a secure cloud as a location files may be stored. The BOP updates the ``Policies and Practices for Retrieval of Records'' section to include additional identifying particulars. The BOP makes a slight change in the ``Administrative, Technical, and Physical Safeguards'' section to clarify that access to data is facilitated via strong authentication and data is segregated to limit staff's ability to update data absent authorization. The BOP updates the ``Record Access Procedures'' to include more detail on how one may access records. In accordance with 5 U.S.C. 552a(r), the Department has provided a report to OMB and Congress on this new system of records. Dated: April 30, 2019. Peter A. Winn, Acting Chief Privacy and Civil Liberties Officer, United States Department of Justice. JUSTICE/BOP--005 SYSTEM NAME AND NUMBER: Inmate Central Records System, JUSTICE/BOP--005. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Records may be retained at any Department of Justice authorized location, including the Central Office, Regional Offices, any of the Federal Bureau of Prisons (Bureau) and/or any contractor-operated correctional facilities, and National Archive Centers. A list of Bureau locations may be found at 28 CFR part 503 and on the internet at http://www.bop.gov. Records may also be maintained in secure cloud computing environments. SYSTEM MANAGER(S): Senior Deputy Assistant Director/Chief Information Officer, Information, Policy and Public Affairs Division, Federal Bureau of Prisons, 320 First Street NW, Washington, DC 20534. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: This system is established and maintained under the authority of 18 U.S.C. 3621, 4042, 5003 (state inmates), and section 11201 of Chapter 1 of Subtitle C of Title XI of the National Capital Revitalization and Self-Government Improvement Act of 1997 (Pub. L. 105-33; 111 Stat. 740). PURPOSE(S) OF THE SYSTEM: This system assists the Attorney General and the Bureau of Prisons in meeting statutory responsibilities for the safekeeping, care, and custody of incarcerated persons. It serves as the primary record system on these individuals and includes information critical to the continued safety and security of not only incarcerated persons, but also the federal prisons and the public. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals currently or formerly under the custody of the Attorney General and/or the Director of the Bureau of Prisons, including those individuals under custody for criminal and civil commitments. CATEGORIES OF RECORDS IN THE SYSTEM: This system contains records relating to the care, classification, subsistence, protection, discipline, and programs of federal inmates. Such records may include: (1) Computation of sentence and supporting documentation; (2) correspondence and other documentation concerning pending charges, and wanted status, including warrants; (3) requests from other federal and non-federal law enforcement agencies for notification prior to release; (4) records of the allowance, forfeiture, withholding and restoration of good time; (5) information concerning present offense, prior criminal background, sentence and parole; (6) identification data including date of birth, Social Security number, driver's license number, alien registration number, passports, physical description, sex, race, religious preference, photographs, fingerprints, digital image, biometric identifiers, drug testing and DNA samples and analysis records; (7) institution designation and housing assignments, including separation orders, and supporting documentation; (8) work and payroll records and benefits information; (9) program selections, assignment and performance or progress reports; (10) prison conduct records, including information concerning disciplinary actions, participation in escapes, assaults, and disturbances; (11) economic, social, and religious background, including special religious dietary requirements; (12) educational data, including industrial and vocational training; (13) physical and mental health data; (14) United States Parole Commission orders, actions and related forms; (15) correspondence regarding the inmate, including his or her release, adjustment and violations; (16) transfer information, including orders and transportation arrangements; (17) mail, visiting and telephone records; (18) personal property records; (19) safety reports and rules; (20) release processing forms and certificates; (21) interview requests; (22) litigation related records; (23) investigatory information; (24) institution tracking records to locate archived files; (25) referrals of non-federal inmates to Bureau custody and/or referrals of Bureau inmates to state custody. RECORD SOURCE CATEGORIES: Records are generated by: (1) Individual currently or formerly under custody; (2) federal, state, local, territorial, tribal, foreign and international law enforcement agencies and personnel; (3) federal and state prosecutors, courts and probation services; (4) educational institutions; (5) health care providers; (6) relatives, friends, and other interested individuals or groups in the community; (7) former or future employers; (8) state, local and private corrections staff; and (9) Bureau staff and institution contractors and volunteers. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system of records may be disclosed as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the circumstances or for the purposes described below, to the extent such disclosures are compatible with the purposes for which the information was collected: (a) To officers and employees of the Bureau of Prisons and the Department of Justice who have a need for the information in the performance of their duties; [[Page 19810]] (b) To federal, state, local, territorial, tribal, foreign and international law enforcement agencies and court officials for law enforcement and court-related purposes such as investigations, possible criminal prosecutions, civil court actions, or regulatory or parole proceedings, and, prior to release of an inmate, to the chief law enforcement officer of the state and local jurisdiction in which the released inmate will reside, as required by 18 U.S.C. 4042(b); (c) To a court or adjudicative body before which the Department of Justice or the Bureau is authorized to appear, or to a private attorney authorized by the Department of Justice to represent a Bureau employee, when any of the following is a party to litigation or has an interest in litigation and such records are determined by the Bureau to be arguably relevant to the litigation: (1) The Bureau, or any subdivision thereof, or the Department of Justice, or (2) any Department of Justice or Bureau employee in his or her official capacity, or (3) any Department of Justice or Bureau employee in his or her individual capacity where the Department of Justice has agreed to provide representation for the employee, or (4) the United States, where the Bureau determines that the litigation is likely to affect it or any of its subdivisions; (d) In an appropriate proceeding before a court or administrative or regulatory body when records are determined by the Department of Justice to be arguably relevant to the proceeding, including federal, state, and local licensing agencies or associations which require information concerning the suitability or eligibility of an individual for a license, permit, or similar authorization; (e) To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an agency function related to this system of records; (f) To victims and/or witnesses, pursuant to federal victim/witness legislation and policy requiring the release of information relating to an inmate's furlough, parole (including appearance before the United States Parole Commission), transfer to a community corrections center, mandatory release, expiration of sentence, escape (including apprehension), death, and other such release-related information; (g) To state agencies and authorities, pursuant to Public Law 98- 135, for the purpose of matching the data against state records to review eligibility of these inmates for unemployment compensation; the requesting state is to erase the Bureau data after this determination has been made; (h) To the Social Security Administration (SSA), pursuant to Public Law 96-473, for the purpose of matching the data against SSA records to enable the SSA to determine the eligibility of Bureau inmates to receive benefits under the Social Security Act and for the purpose of assisting SSA in providing inmate data to the states administering federal benefit programs such as Food Stamps; SSA is to erase the Bureau data after the match has been made; (i) To the United States Department of Veterans Affairs (VA), for the purpose of matching the records against VA records to determine the eligibility or potential eligibility of Bureau inmates to receive veterans' benefits and/or services; (j) To the Federal Aviation Administration (FAA), pursuant to Public Law 100-690, for the purpose of matching the data against FAA records to determine the eligibility of Bureau inmates to hold and obtain airmen certification and qualification; (k) To the Internal Revenue Service (IRS) for the purposes of matching the data against IRS records for fraud detection; (l) To the news media and the public pursuant to 28 CFR 50.2 unless it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy; (m) To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of and at the request of the individual who is the subject of the record; (n) To the National Archives and Records Administration and General Services Administration in records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906; (o) To any person or entity to the extent necessary to prevent immediate loss of life or serious bodily injury; (p) To a former employee of the Department, pursuant to subsection (b)(3) of the Privacy Act, for purposes of: Responding to an official inquiry by a federal, state, or local government entity or professional licensing authority, in accordance with applicable Department regulations; or facilitating communications with a former employee that may be necessary for personnel-related or other official purposes where the Department requires information and/or consultation assistance from the former employee regarding a matter within that person's former area of responsibility; (q) To the United States Sentencing Commission (USSC) for the purpose of providing inmate identification data to enable the USSC to perform research and conduct studies; (r) To the news media and the public, including disclosures of matters solely of general public record, including name, offense, sentence data, current and past institution confinements, and release date, unless it is determined that release of the specific information would constitute an unwarranted invasion of personal privacy; (s) To such recipients and under such circumstances and procedures as are mandated by federal statute or treaty; (t) To federal, state or community health care agencies and professionals, including physicians, psychiatrists, psychologists, and state and federal medical facility personnel, who are providing treatment for a pre-existing condition to former federal inmates, and to federal, state, or local health care agencies and professionals for the purpose of securing medical or mental health after-care for current federal inmates; (u) To the Department of State (DOS), for the purpose of matching the data against DOS records for detection/prevention of criminal activity under 18 U.S.C. 1544; (v) To appropriate agencies, entities, and persons when (1) the Department suspects or has confirmed that there has been a breach of the system of records; (2) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOJ (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; (w) To another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach; and [[Page 19811]] (x) To the Department of Treasury for the purpose of matching federal records on behalf of federal agencies, to determine the eligibility of or validate the entitlement of Bureau inmates to receive federal benefits pursuant to applicable federal law. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Information maintained in the system is stored in electronic format via a configuration of personal computer, client/server, mainframe systems, and/or cloud architecture and may be accessed by only those staff with a need-to-know at all Bureau and contractor facilities. Some information may be stored on computerized media, e.g., hard disk, magnetic tape, digital recordings, and/or Compact or Digital Video Discs (CD/DVDs). Documentary (paper) records are maintained in manual file folders. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrieved by identifying particulars of the persons covered by this system, including name, inmate register number, Federal Register number, Social Security number, alien registration number, system-generated identification number, passport number, vendor number, claim number, email address, miscellaneous identification number, telephone number or mailing address. Records are also retrievable by institution, date, or type of incident. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records in this system are retained for a period of thirty (30) years after the expiration of the sentence. Records of an unsentenced inmate are retained for a period of ten (10) years after the inmate's release from confinement. Documentary records are destroyed by shredding; computer records are destroyed by degaussing and/or shredding. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: System records are maintained in secured access space in BOP- controlled facilities and offices. Computerized data requires user authentication for access and all session traffic is encrypted. All BOP personnel are required to pass an extensive background investigation. The information in the system is accessed only by authorized DOJ personnel or by non-DOJ personnel properly authorized to access the system. The system employs role-based access and authentication controls and enforcement mechanisms so that each user can access only the information appropriate for their role. Some data may be stored in a secure cloud environment by a provider authorized under the Federal Risk and Authorization Management Program (FedRAMP). Authorized system users are subject to adequate physical security controls and built-in system controls to protect against unauthorized personnel gaining access to the equipment and/or the information stored in it. All authorized users are required to agree to Rules of Behavior and Terms of Use limiting use of the information in the system to official purposes. System audit logs are created and monitored to detect any misuse of the system. RECORD ACCESS PROCEDURES: The Attorney General has exempted this system of records from the notification, access, amendment, and contest procedures of the Privacy Act. These exemptions apply only to the extent that the information in this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or (k). Where compliance would not appear to interfere with or adversely affect the purposes of the system, or the overall law enforcement/ intelligence process, the applicable exemption (in whole or in part) may be waived by the BOP in its sole discretion. All requests for records may be made by writing to the Director, Federal Bureau of Prisons, 320 First Street NW, Washington, DC 20534, and should be clearly marked ``Privacy Act Request.'' In addition, the requester must provide a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format: If executed outside the United States: ``I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on [date]. [Signature].'' If executed within the United States, its territories, possessions, or commonwealths: ``I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on [date]. [Signature].'' While no specific form is required, requesters may obtain a form (Form DOJ-361) for use in certification of identity, available at https://www.bop.gov/inmates/docs/certification_of_identity.pdf. In the initial request, the requester may also include any other identifying data that the requester may wish to furnish to assist the BOP in making a reasonable search. The request should include a return address for use by the BOP in responding; requesters are also encouraged to include a telephone number to facilitate BOP contacts related to processing the request. A determination of whether a record may be accessed will be made after a request is received. CONTESTING RECORD PROCEDURES: Individuals seeking to contest or amend records maintained in this system of records must direct their requests to the address indicated in the ``RECORD ACCESS PROCEDURES'' section, above. All requests to contest or amend records must be in writing and the envelope and letter should be clearly marked ``Privacy Act Amendment Request.'' All requests must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record. Some information may be exempt from the amendment provisions as described in the ``EXEMPTIONS PROMULGATED FOR THE SYSTEM'' section, below. An individual who is the subject of a record in this system of records may contest or amend those records that are not exempt. A determination of whether a record is exempt from the amendment provisions will be made after a request is received. More information regarding the Department's procedures for amending or contesting records in accordance with the Privacy Act can be found at 28 CFR 16.46, ``Requests for Amendment or Correction of Records.'' NOTIFICATION PROCEDURES: Individuals may be notified if a record in this system of records pertains to them when the individuals request information utilizing the same procedures as those identified in the ``RECORD ACCESS PROCEDURES'' section, above. EXEMPTIONS PROMULGATED FOR THE SYSTEM: The Attorney General has exempted this system from subsections (c)(3) and (4); (d); (e)(1), (2), (3), (4)(G), (H), and (I), (5), (8); (f); and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j). The Attorney General has also exempted this system from subsections (c)(3); (d); (e)(1), (e)(4)(G), (H), and (I); and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2). The exemptions will be applied only to the extent that the information in the system is subject to exemption pursuant to 5 U.S.C. 552a(j) and (k)(2). Rules have been promulgated in accordance with the requirements of 5 U.S.C. 553(b), (c) and (e), and have been published in the Federal Register. HISTORY: 67 FR 31371 (May 9, 2002): Last published in full; [[Page 19812]] 72 FR 3410 (January 25, 2007): Added a routine use; 77 FR 24982 (April 26, 2012): Added routine uses and claimed exemptions; 81 FR 22639 (April 18, 2016): Added a routine use; and 82 FR 24147 (May 25, 2017): Rescinded 72 FR 3410 and added routine uses. [FR Doc. 2019-09204 Filed 5-3-19; 8:45 am] BILLING CODE 4410-36-P