[Federal Register Volume 84, Number 175 (Tuesday, September 10, 2019)]
[Notices]
[Pages 47533-47540]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-19449]


-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[CPCLO Order No. 006-2019]


Privacy Act of 1974; System of Records

AGENCY: Federal Bureau of Investigation, United States Department of 
Justice.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, and Office of Management 
and Budget (OMB) Circular No. A-108, notice is hereby given that the 
United States Department of Justice (Department or DOJ), Federal Bureau 
of Investigation (FBI), proposes to modify a system of records entitled 
National Crime Information Center (NCIC), JUSTICE/FBI-001, which was 
last published in the Federal Register on September 28, 1999 (64 FR 
52343). The NCIC serves as a central information repository to assist 
criminal justice professionals in apprehending fugitives, locating 
missing persons, recovering stolen property, and identifying known or 
suspected terrorists. Law enforcement officers also use the information 
within NCIC to help protect the general public and themselves when 
carrying out their official duties. This system of records notice is 
being updated to better inform the public about the types of 
information within the NCIC and the uses of this information to further 
criminal justice purposes.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of 
records begins on publication, subject to a 30-day period to comment on 
the routine use modifications described below. Please submit any 
comments by October 10, 2019.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments: By mail to the Department of Justice, Office of Privacy and 
Civil Liberties, ATTN: Privacy Analyst, 145 N St. NE, Suite 8w-300, 
Washington, DC 20530; by facsimile at 202-307-0693; or by email at 
[email protected]. To ensure proper handling, please 
reference the above CPCLO Order No. on your correspondence.

FOR FURTHER INFORMATION CONTACT: Katherine M. Bond, Assistant General 
Counsel, Privacy and Civil Liberties Unit, Office of the General 
Counsel, FBI, 935 Pennsylvania Avenue NW, Washington, DC 20535-0001; 
telephone (202) 324-3000.

SUPPLEMENTARY INFORMATION: The FBI has revised this system of records 
notice to update information about this system. Established in 1967, 
the NCIC is a national criminal justice information system linking 
criminal (and authorized non-criminal) justice agencies located in the 
50 states, the District of Columbia, U.S. territories and possessions, 
as well as selected foreign countries to facilitate the cooperative 
sharing of criminal justice information. See 28 CFR Sections 20.3(b) & 
(g) for definitions of ``administration of criminal justice'' and 
``criminal justice agency.'' The NCIC provides a system to receive and 
maintain information contributed by participating agencies relating to 
criminal justice and national security missions. Information maintained 
in the NCIC is readily accessible for authorized purposes by authorized 
users via text-based queries (i.e., using names and other descriptive 
data). The purposes of maintaining records in the NCIC include 
combatting acts of terrorism; apprehending fugitives; solving crimes; 
locating missing persons; locating and returning stolen property; 
protecting individuals during declared emergency situations; protecting 
victims of domestic violence; monitoring registered sex offenders; 
conducting firearms, licensee, and explosive background checks; and 
enhancing the safety of law enforcement officers.
    This Notice modifies the previous publication of the NCIC System of 
Records Notice to (1) include new categories of records and 
individuals, (2) update routine uses, and (3) remove references to the 
Interstate Identification Index (III). Since the September 28, 1999, 
publication of notice of this System of Records, 64 FR 52343, criminal 
justice agencies have requested that additional information be included 
in the NCIC to meet their needs. This additional information includes 
such new categories of individuals and categories of records as the 
National Sex Offender Registry, the Supervised Release File, the 
Identity Theft File, the Protective Interest File, the NICS Denied 
Transaction File, the Immigration Violator File, and the Violent Person 
File. Adding this information to the NCIC advances FBI's mission and 
criminal justice investigation, as well as increasing officer safety by 
providing pertinent information to law enforcement officers regarding 
the individuals they encounter while on duty.
    This System of Records Notice also updates the routine uses for the 
information contained within the NCIC to educate the public on how the 
records will be shared with criminal justice agencies, authorized non-
criminal justice agencies, and private organizations to further the 
purposes of combatting acts of terrorism; apprehending fugitives; 
solving crimes; locating missing persons; locating and returning stolen 
property; protecting individuals during declared emergency situations; 
protecting victims of domestic violence; monitoring registered sex 
offenders; conducting firearms, licensee, and explosive background 
checks; and enhancing the safety of law enforcement officers. For 
consolidation and transparency purposes, the routine uses applicable to 
the NCIC under the FBI's Blanket Routine Uses (FBI-BRU, 66 FR 33558 
(June 22, 2001), as amended by 70 FR 7513, 517 (Feb. 14, 2005) and 82 
FR 24147 (May 25, 2017)) are also being included in the routine use 
portion of this notice.
    Finally, this modified System of Record Notice removes references 
to the Interstate Identification Index (III) and criminal history 
record information. Although the NCIC is used to retrieve criminal 
history record information from III through a federated search 
capability, III is not part of NCIC, and criminal history record 
information is no longer maintained within the NCIC, but is now 
maintained in the FBI's Next Generation Identification (NGI) System, 
JUSTICE/FBI-009, 81 FR 27284 (May 5, 2016). A person who wishes to 
access his or her criminal history records should follow the procedures 
set forth in 28 CFR 16.30 et seq.
    In accordance with 5 U.S.C. 552a(r), the Department has provided a 
report to OMB and the Congress on this revised system of records 
notice.


[[Page 47534]]


    Dated: August 28, 2019.
Peter A. Winn
Acting Chief Privacy and Civil Liberties Officer, United States 
Department of Justice.

SYSTEM NAME AND NUMBER:
    National Crime Information Center (NCIC), JUSTICE/FBI-001.

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Records may be maintained at all locations at which the FBI 
operates or at which FBI operations are supported, including: J. Edgar 
Hoover Building, 935 Pennsylvania Avenue NW, Washington, DC 20535-0001; 
FBI Academy and FBI Laboratory, Quantico, VA 22135; FBI Criminal 
Justice Information Services (CJIS) Division, 1000 Custer Hollow Road, 
Clarksburg, WV 26306; FBI Records Management Division, 170 Marcel 
Drive, Winchester, VA 22602-4843; and FBI field offices, legal 
attaches, information technology centers, and other components listed 
on the FBI's internet website, https://www.fbi.gov. Some or all system 
information may also be duplicated at other locations where the FBI has 
granted direct access for support of FBI missions, for purposes of 
system backup, emergency preparedness, and/or continuity of operations.

SYSTEM MANAGER(S):
    Director, Federal Bureau of Investigation, 935 Pennsylvania Avenue 
NW, Washington, DC 20535-0001; (202) 324-3000.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Authorities for maintaining the system include 28 U.S.C. Chapter 
33; and 28 CFR 0.85 and 28 CFR part 20. Additional authorities include 
34 U.S.C. Chapter 10211; the Uniting and Strengthening America by 
Providing Appropriate Tools Required to Intercept and Obstruct 
Terrorism (USA PATRIOT) Act of 2001, Public Law 107-56, 115 Stat 272; 
the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), 
Public Law 108-458, 118 Stat 3638; the Implementing Regulations of the 
9/11 Commission Act of 2007, Public Law 110-53, 121 Stat 266; Executive 
Order 13311, Homeland Security Information Sharing (July 29, 2003); 
Executive Order 13356, Strengthening the Sharing of Terrorism 
Information To Protect Americans (August 27, 2004); and Executive Order 
13388, Further Strengthening the Sharing of Terrorism Information To 
Protect Americans (October 25, 2005).

PURPOSE(S) OF THE SYSTEM:
    Established in 1967, the NCIC is a national criminal justice 
information system linking criminal (and authorized non-criminal) 
justice agencies located in the 50 states, the District of Columbia, 
U.S. territories and possessions, as well as selected foreign 
countries, to facilitate the cooperative sharing of criminal justice 
information. The NCIC provides a system to receive and maintain 
information contributed by participating agencies relating to criminal 
justice and national security missions. Information maintained in the 
NCIC is readily accessible for authorized purposes by authorized users 
via text-based queries (i.e., using names and other descriptive data). 
The purposes of maintaining records in the NCIC include combatting acts 
of terrorism; apprehending fugitives; solving crimes; locating missing 
persons; locating and returning stolen property; protecting individuals 
during declared emergency situations; protecting victims of domestic 
violence; monitoring registered sex offenders; conducting firearms, 
licensee, and explosive background checks through the National Instant 
Criminal Background Check System (NICS); and enhancing the safety of 
law enforcement officers.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered by the system are:
    A. Wanted persons:
    1. Individuals for whom federal warrants are outstanding.
    2. Individuals who allegedly have committed or have been linked 
with an offense which is classified as a felony, misdemeanor, or other 
criminal offense under the existing penal statutes of the jurisdiction 
originating the entry and for whom a warrant has been issued with 
respect to the offense that was the basis of the entry; and probation 
and parole violators meeting these criteria.
    3. Individuals for whom a ``Temporary Felony Want'' has been 
entered. Temporary felony want records allow a law enforcement agency 
to take prompt action to apprehend a person suspected of committing a 
felony when circumstances prevent the agency from immediately obtaining 
a warrant. Procedural safeguards for these Temporary Felony Wants 
include that they may only be entered in NCIC for the apprehension of a 
person who has committed, or the officer has reasonable grounds to 
believe has committed, a felony; the person may seek refuge by fleeing 
across jurisdictional boundaries; and (as noted) circumstances preclude 
the immediate procurement of an arrest warrant. A Temporary Felony Want 
shall be specifically identified as such and automatically expires 48 
hours after entry.
    4. Juveniles who (a) have been adjudicated delinquent and who have 
escaped or absconded from custody, even though no arrest warrants were 
issued; or (b) who have been charged with the commission of a 
delinquent act that would be a crime if committed by an adult, and who 
may have fled from the state where the act was committed.
    5. Individuals who allegedly have committed or have been linked 
with an offense committed in a foreign country that would be a felony 
if committed in the United States, and for whom a warrant of arrest is 
outstanding, and (a) for which act an extradition treaty exists between 
the United States and that country, (b) are wanted by foreign 
authorities for a violent crime, or (c) are otherwise known or 
reasonably believed by foreign authorities to be violent, armed, or 
dangerous.
    6. Individuals who allegedly have committed or have been linked 
with an offense committed in Canada and for whom a Canada-Wide Warrant 
has been issued which meets the requirements of the Canada-United 
States Extradition Treaty.
    B. Sex offender registrants: Individuals who are required to 
register in a jurisdiction's sex offender registry.
    C. Violent felons: Individuals with three or more convictions for a 
violent felony or serious drug offense as defined by 18 U.S.C. 924(e), 
and who were entered into the NCIC Violent Felon file between 1992 and 
1998.
    D. Individuals on probation, parole, supervised release, pretrial 
supervision, or released on their own recognizance; and supervising 
officials for these individuals.
    E. Immigration violators: Criminal aliens who have been previously 
deported; aliens with outstanding administrative warrants of removal 
from the United States; aliens who have failed to comply with national 
security registration requirements; and other immigration violators.
    F. Missing persons: Individuals of any age who are missing and for 
whom there is a reasonable concern for the well-being of the person 
and/or others, such as: A missing person who suffers from a documented 
physical/mental disability; a person missing under circumstances 
indicating that the disappearance was not voluntary or that the 
person's health or physical safety may be in danger; a missing child 
under the age of 21 reported to law enforcement; a person missing after 
a catastrophe; and, persons reasonably

[[Page 47535]]

believed to have information regarding missing persons.
    G. Persons of protective interest: Individuals designated by local, 
state, tribal, territorial, and federal law enforcement agencies with a 
protective mission as presenting credible threats to authorized 
protectees of those agencies.
    H. Members of criminal gangs: Individuals about whom law 
enforcement agencies have developed sufficient information to establish 
membership or other similar relationship in a particular criminal gang 
by either self-admission or pursuant to documented criteria approved by 
the FBI. For the purpose of this file, a gang is defined as a group of 
three or more persons with a common interest, bond, or activity 
characterized by criminal or delinquent conduct.
    I. Known or suspected terrorists: Individuals known or 
appropriately suspected to be or have been engaged in conduct 
constituting, in preparation for, in aid of, or related to domestic or 
international terrorism.
    J. Military Detainees: Individuals who were officially detained 
during military operations who pose an actual or possible threat to 
national security, but not persons detained as Enemy Prisoners of War.
    K. National Security Threat Actors: Individuals, organizations, 
groups, or networks assessed to be a threat to the safety, security, or 
national interests of the United States including cyber threat actors, 
foreign intelligence threat actors, military threat actors, 
transnational criminal actors, and weapons proliferators as defined in 
National Security Presidential Memorandum 7, issued on October 5, 2017, 
or any subsequent authority.
    L. Unidentified persons: Any unidentified deceased person or body 
parts, or any living person whose identity has not been ascertained 
(e.g., infant, amnesia victim, catastrophe victim).
    M. Persons related to protection orders: Individuals against whom a 
protection order has been issued and the protected persons.
    N. Owners of stolen property related to NCIC entries.
    O. Victims of identity theft.
    P. Individuals who have been disqualified from possessing, 
transferring, or receiving firearms or explosives, or have been denied 
a weapons permit under applicable state or federal law pursuant to the 
National Instant Criminal Background Check System (NICS).
    Q. Violent persons: Individuals who have been convicted of violent 
crimes, or have made credible threats, against law enforcement and 
individuals who have been convicted of certain other violent crimes.
    R. Individuals associated with active FBI investigations such as 
suspects, subjects of interest, witnesses, or victims.
    S. FBI employees, U.S. government employees, and employees of 
local, state, tribal, or territorial law enforcement agencies.
    T. Individuals who are, or within the last five years were, under 
FBI investigation for terrorism.
    U. Individuals named in documents supporting NCIC entries (e.g. 
warrants, protection orders, terms and conditions of probation/
supervised released, missing person reports).
    V. Subjects of Continuous Evaluation: Individuals required by 
statute, executive authority, or other legal authority to undergo 
continuous revetting to maintain employment or security clearance with 
a federal agency.
    W. Individuals who have provided their information to federal 
agencies for the purposes of immigration benefits or other government 
benefits which require ongoing suitability determinations (e.g. Trusted 
Traveler programs).
    X. Individuals who have been queried through the NCIC. This 
includes all individuals queried through the NCIC for purposes listed 
in the ``Routine Uses'' section of this notice.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The NCIC may contain records about individuals described by the 
categories listed above. Records may include all manner of identifying 
information, such as name, Social Security number, date of birth, place 
of birth, physical description, photograph, descriptive information 
about fingerprints and other biometrics which may be available (the 
biometrics themselves and not maintained within the NCIC), passport 
and/or driver's license information, personal and business addresses 
and telephone numbers, and other personal identifiers. Records in the 
system may include details pertinent to particular file types, such as 
law enforcement information, visa/immigration information, and 
terrorism information; information relevant to the protection of 
health, safety, or property; physical or medical characteristics or 
other personal information deemed necessary to identify an individual, 
protect law enforcement officers, and identify and protect law 
enforcement subjects; and information relevant to responding to, 
mitigating, and recovering from disasters, emergencies, and 
catastrophes, as well as assisting in other humanitarian efforts. 
Records may also include uploaded documents supporting NCIC entries 
(e.g. warrants, protection orders, terms and conditions of probation/
supervised release, missing person reports). Specific files in the NCIC 
include:
    A. Vehicle File:
    1. Stolen vehicles, including aircraft and trailers.
    2. Vehicles wanted in conjunction with crimes.
    3. Vehicles subject to seizure based on federal court orders.
    B. License Plate File (Stolen).
    C. Boat File (Stolen).
    D. Vehicle/Boat Part File: Serially-numbered components of vehicles 
and boats reported to have been stolen.
    E. Gun File:
    1. Stolen guns.
    2. Recovered guns, when ownership has not been established.
    3. Lost guns.
    4. Guns believed to have been used during the commission of crimes.
    F. Article File (Stolen or Lost).
    G. Securities File: Serially numbered stolen, embezzled, used for 
ransom, or counterfeited securities.
    H. Wanted Person File: Described in ``Categories of Individuals 
Covered by the System: A (1-4).''
    I. Foreign Fugitive File: Described in ``Categories of Individuals 
Covered by the System: A. (5, 6).''
    J. National Sex Offender Registry: Described in ``Categories of 
Individuals Covered by the System: B.''
    K. The Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) 
Violent Felon File: Described in ``Categories of Individuals Covered by 
the System: C.'' (The ATF no longer enters data into this file, and 
these records have now been retired and are only accessible by the 
FBI.)
    L. Supervised Release File: Described in ``Categories of 
Individuals Covered by the System: D.''
    M. Immigration Violator File: Described in ``Categories of 
Individuals Covered by the System: E.''
    N. Missing Person File: Described in ``Categories of Individuals 
Covered by the System: F.''
    O. Protective Interest File: Described in ``Categories of 
individuals Covered by the System: G.''
    P. Gang File: Described in ``Categories of Individuals Covered by 
the System: H.''
    Q. Known or Suspected Terrorist File: Described in ``Categories of 
Individuals Covered by the System: I, J, and K.''
    R. Unidentified Person File: Described in ``Categories of 
Individuals Covered by the System: L.''

[[Page 47536]]

    S. Protection Order File: Described in ``Categories of Individuals 
Covered by the System: M.''
    T. Identity Theft File: Described in ``Categories of Individuals 
Covered by the System: O.''
    U. NICS Denied Transaction File: Described in ``Categories of 
Individuals Covered by the System: P.''
    V. Image File: Identifying images (e.g., mug shots; scars, marks, 
tattoos; property photos; signatures) and documents to help identify 
persons and property related to entries in other NCIC files.
    W. Violent Person File: Described in ``Categories of Individuals 
Covered by the System: Q.''
    X. System Tables and Charts: Although not part of particular files 
described herein, these tables and charts may contain data elements 
from the above files (e.g., license plate numbers, vehicle 
identification numbers); include individuals described in ``Categories 
of Individuals Covered by the System'' R, S, T, V, and W; and are used 
for system administration, investigative, and other authorized 
purposes.
    Y. Inactive Records: Records that are still generally available to 
all NCIC authorized users for historical reference after the records 
have expired or been cleared from the active NCIC files.
    Z. Retired Records: Records that have expired, been cleared, or 
been canceled from the active NCIC environment. These records are only 
directly accessible by FBI personnel and CJIS Systems Agencies.
    AA. Transaction Log: All transactions that enter, update, query, or 
access the records described above; rejected transactions; and system 
administrative messages. The Transaction Log now maintains the 
transaction history for the life of the system; however, the 
transaction history prior to 1990 was maintained for 10 years. 
Transaction logs may contain information regarding all ``Categories of 
Individuals.'' Search criteria from queries initiated by the National 
Instant Criminal Background Check System (NICS), JUSTICE/FBI-018, are 
not logged.

RECORD SOURCE CATEGORIES:
    Local, state, tribal, territorial, federal, foreign, and 
international governmental agencies and authorized non-governmental 
entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    These records or information contained therein may be disclosed as 
routine uses pursuant to 5 U.S.C. 552a(b)(3) of the Privacy Act as 
described below. As routine uses specific to this system, the DOJ may 
disclose relevant system records or information to the extent such 
disclosures are compatible with a purpose for which the information was 
collected. Routine uses are not meant to be mutually exclusive and may 
sometimes overlap.
    A. To local, state, tribal, territorial, or federal law enforcement 
or criminal justice agencies (to include police, prosecution, penal, 
probation, or parole agencies, and the judiciary) or other authorized 
federal agencies where such disclosure:
    1. May assist the recipient in the performance of its law 
enforcement, criminal justice, or national security functions, to 
include the screening of employees, contractors, or applicants for 
employment by criminal justice agencies;
    2. May assist the FBI in performing a law enforcement or national 
security function;
    3. May promote, assist, or otherwise serve the mutual efforts of 
the law enforcement, criminal justice, and national security 
communities, such as site security screening of visitors to criminal 
justice facilities and military installations; or
    4. May serve a compatible civil law enforcement purpose.
    B. To authorized foreign governments or international agencies 
where such disclosure:
    1. May assist the recipient in the performance of its law 
enforcement, criminal justice, or national functions;
    2. May assist the FBI in performing a law enforcement or national 
security function;
    3. May promote, assist, or otherwise serve the mutual efforts of 
the international community; or
    4. May serve a compatible civil law enforcement purpose.
    C. To appropriate officials and employees of a federal agency or 
entity which requires information relevant to a decision concerning the 
hiring, appointment, or retention of an employee; the issuance, 
renewal, suspension, or revocation of a security clearance; the 
execution of a security or suitability investigation; the letting of a 
contract; or the issuance of a grant.
    D. To state and federal agencies when necessary to assist in 
detecting and preventing fraudulent receipt of government benefits 
(e.g., Department of Housing and Urban Development, Department of 
Veterans Affairs, or Social Security Administration).
    E. To the Department of State for the purpose of determining the 
eligibility of visa and passport applicants.
    F. To the Department of Homeland Security and its components for 
use in background investigations of individuals with access to secure 
areas of airports, aircraft, ports, and vessels; commercial drivers of 
hazardous materials; applicants for aircraft training; those 
responsible for screening airport passengers and property; those with 
security functions related to baggage and cargo; and other statutorily 
authorized populations.
    G. To authorized local, state, tribal, territorial, and federal 
agencies for the purposes of emergency child placement or emergency 
disaster response.
    H. To authorized non-governmental entities or subunits thereof that 
perform the administration of criminal justice for criminal justice 
purposes as defined in 28 CFR 20.3(b).
    I. To authorized local, state, tribal, territorial, federal, 
foreign, or international agencies for humanitarian purposes (e.g., 
vetting volunteers during natural disasters).
    J. To authorized agencies as required by federal statutes, 
treaties, executive orders and other presidential and executive 
directives, federal regulations, federal rules, or Attorney General 
Guidance.
    K. To authorized federal agencies for alien registration, 
immigration, naturalization, international travel, or similar matters 
related to national security.
    L. To designated points of contact at criminal justice agencies for 
background checks under the National Instant Criminal Background Check 
System (NICS).
    M. To local, state, tribal, territorial, or federal criminal 
justice officials for the conduct of firearms or explosives-related 
background checks when required to issue firearms or explosives-related 
licenses or permits according to a state statute or local ordinance, 
when checking firearms transferred to pawn shops, or when returning 
firearms to authorized recipients.
    N. To authorized non-criminal justice governmental agencies 
performing criminal justice dispatching functions or data processing/
information services for local, state, tribal, territorial, federal, or 
foreign criminal justice agencies.
    O. To private contractors pursuant to specific agreements with 
local, state, tribal, territorial, federal, or foreign criminal justice 
or authorized non-criminal justice agencies for the purpose of 
providing services for the administration of criminal justice as 
defined in 28 CFR 20.3(b).
    P. To the National Center for Missing and Exploited Children 
(NCMEC) when

[[Page 47537]]

acting within its statutory duty to support law enforcement agencies.
    Q. To local, state, tribal, territorial, and federal government 
social service agencies with child protection responsibilities for 
purposes of investigating or responding to reports of child abuse, 
neglect, or exploitation.
    R. To railroad or private college/university police departments or 
subunits thereof which perform, and allocate a substantial portion of 
their annual budget to, the administration of criminal justice and 
whose appropriately trained employees hold police powers under state 
law for the administration of criminal justice as defined in 28 CFR 
20.3(b).
    S. To civil or criminal courts for use in domestic violence or 
stalking cases.
    T. To social networking websites to prevent sex offenders from 
using these websites to entice children. This routine use applies only 
to disclosing records in the National Sex Offender Registry.
    U. To governmental and authorized non-governmental recipients of 
fingerprint-based background check results from the Next Generation 
Identification (NGI) System, when information in NCIC records may be 
relevant to authorized checks of the NGI System (e.g. criminal and non-
criminal justice background checks).
    V. To the National Insurance Crime Bureau (NICB), a nongovernmental 
nonprofit agency, for use toward its mission of acting as a national 
clearinghouse for information on stolen vehicles and offering free 
assistance to law enforcement agencies concerning automobile thefts, 
identification, and recovery of stolen vehicles.
    W. To authorized private organizations determined to be involved in 
the administration of criminal justice where the records are necessary 
and relevant to carry out the administration of a criminal justice 
function. This routine use is limited to disclosure of the NCIC 
property files.
    X. To local, state, tribal, territorial, and federal criminal 
justice agency officials for the purpose of screening visitors to 
critical infrastructure facilities.
    Y. To local, state, tribal, territorial, federal, foreign, or 
international licensing agencies or associations which require 
information concerning the suitability or eligibility of an individual 
for a license or permit.
    Z. To such agencies, entities, and persons as the FBI deems 
appropriate and relevant to ensure the continuity of government 
functions in the event of any actual or potential disruption of normal 
government operations. This use encompasses all situations in which 
government operations may be disrupted, including: Military, terrorist, 
cyber, or other attacks, natural or manmade disasters, and other 
national or local emergencies; inclement weather and other acts of 
nature; infrastructure/utility outages; failures, renovations, or 
maintenance of buildings or building systems; problems arising from 
planning, testing or other development efforts; and other operational 
interruptions. This also includes all related prevention activities, 
pre-event planning, preparation, backup/redundancy, training and 
exercises, and post-event operations, mitigation, and recovery.
    AA. To such agencies, entities, and persons as the DOJ or FBI may 
consider necessary or appropriate incident to development and testing 
of FBI information systems and system functionality and integrity, 
including prototype testing, operational testing, interoperability 
testing, and vulnerability testing.
    BB. To such agencies, entities, and persons as the FBI may consider 
necessary or appropriate for research or statistical purposes.
    CC. To any agency, entity, or person in either the public or 
private sector, domestic, foreign, or multinational, if deemed by the 
FBI to be reasonable and helpful to elicit information or cooperation 
from the recipient for use by the FBI in the performance of an 
authorized function.
    DD. If any system record, on its face or in conjunction with other 
information, indicates a violation or potential violation of law 
(whether civil or criminal), regulation, rule, order, or contract, the 
pertinent record may be disclosed to the appropriate entity (whether 
local, state, tribal, territorial, federal, foreign, or international), 
that is charged with the responsibility of investigating, prosecuting, 
and/or enforcing such law, regulation, rule, order, or contract.
    EE. To contractors, grantees, experts, consultants, students, or 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function.
    FF. To the news media or members of the general public in 
furtherance of a legitimate law enforcement or public safety function 
as determined by the FBI, e.g., to assist in locating fugitives; to 
provide notifications of arrests; to provide alerts, assessments, or 
similar information on potential threats to life, health, or property; 
or to keep the public appropriately informed of other law enforcement 
or FBI matters or other matters of legitimate public interest where 
disclosure could not reasonably be expected to constitute an 
unwarranted invasion of personal privacy. (The availability of 
information in pending criminal or civil cases will be governed by the 
provisions of 28 CFR 50.2.)
    GG. To a court or adjudicative body, in matters in which any of the 
following entities is or could be a party to the litigation, is likely 
to be affected by the litigation, or has an official interest in the 
litigation, and disclosure of system records has been determined by the 
FBI to be arguably relevant to the litigation: (a) The FBI or any FBI 
employee in his or her official capacity, (b) any FBI employee in his 
or her individual capacity where the Department of Justice has agreed 
to represent the employee, or (c) the United States. Similar 
disclosures may be made in analogous situations related to assistance 
provided to the Federal Government by non-FBI employees.
    HH. To an actual or potential party or his or her attorney for the 
purpose of negotiating or discussing such matters as settlement of the 
case or matter, and for formal or informal discovery proceedings, in 
matters in which the FBI has an official interest and in which the FBI 
determines records in the system to be arguably relevant.
    II. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute, Executive Order, or treaty.
    JJ. To a requesting Member of Congress or a person on his or her 
staff acting on the Member's behalf when the request is made on behalf 
of and at the request of the individual who is the subject of the 
record.
    KK. To the National Archives and Records Administration (NARA) for 
records management inspections and such other purposes conducted under 
the authority of 44 U.S.C. 2904 and 2906.
    LL. To any agency, organization, or individual for the purposes of 
performing authorized audit or oversight operations of the FBI and 
meeting related reporting requirements.
    MM. The DOJ may disclose relevant and necessary information to a 
former employee of the Department for purposes of: Responding to an 
official inquiry by a local, state, or federal government entity or 
professional licensing authority, in accordance with applicable 
Department regulations; or facilitating communications with a former 
employee that may be necessary for personnel-related or other official 
purposes where the Department requires information and/or consultation

[[Page 47538]]

assistance from the former employee regarding a matter within that 
person's former area of responsibility. (Such disclosures will be 
effected under procedures established in title 28, Code of Federal 
Regulations, sections 16.300-301 and DOJ Order 2710.8C, including any 
future revisions.)
    NN. To the White House (the President, Vice President, their 
staffs, and other entities of the Executive Office of the President 
(EOP)), and, during Presidential transitions, the President-Elect and 
Vice-President Elect and their designees for appointment, employment, 
security, and access purposes compatible with the purposes for which 
the records were collected by the FBI, e.g., disclosure of information 
to assist the White House in making a determination whether an 
individual should be: (1) Granted, denied, or permitted to continue in 
employment on the White House Staff; (2) given a Presidential 
appointment or Presidential recognition; (3) provided access, or 
continued access, to classified or sensitive information; or (4) 
permitted access, or continued access, to personnel or facilities of 
the White House/EOP complex. System records may be disclosed also to 
the White House and, during Presidential transitions, to the President 
Elect and Vice-President Elect and their designees, for Executive 
Branch coordination of activities which relate to or have an effect 
upon the carrying out of the constitutional, statutory, or other 
official or ceremonial duties of the President, President Elect, Vice-
President or Vice-President Elect.
    OO. To complainants and/or victims to the extent deemed appropriate 
by the FBI to provide such persons with information and explanations 
concerning the progress and/or results of the investigations or cases 
arising from the matters of which they complained and/or of which they 
were victims.
    PP. To designated officers and employees of state, local (including 
the District of Columbia), or tribal law enforcement or detention 
agencies in connection with the hiring or continued employment of an 
employee or contractor, where the employee or contractor would occupy 
or occupies a position of public trust as a law enforcement officer or 
detention officer having direct contact with the public or with 
prisoners or detainees, to the extent that the information is relevant 
and necessary to the recipient agency's decision.
    QQ. To appropriate agencies, entities, and persons when (1) the 
Department suspects or has confirmed that there has been a breach of 
the system of records; (2) the Department has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, DOJ (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    RR. To another Federal agency or Federal entity, when the 
Department determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Computerized records are stored electronically on hard disk, 
removable storage devices or other digital media. Some information may 
be retained in hard copy format and stored in individual file folders 
and file cabinets with controlled access, and/or other appropriate GSA-
approved security containers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information is retrieved by name or other identifying information. 
NCIC data may be directly accessed and retrieved by authorized NCIC 
users by means of remote on-line electronic queries submitted to the 
NCIC via authorized telecommunications channels. NCIC users are 
primarily located within the United States, but they also include 
United States users overseas, as well as foreign users in authorized 
foreign/international entities. NCIC data may also be retrieved by 
automated referral of queries made to other authorized interoperable 
systems, when the users of the other systems would also be authorized 
access to the NCIC. NCIC data may also be accessed and retrieved 
locally by authorized DOJ personnel. Information accessed locally may 
be used for authorized DOJ purposes, and/or may be forwarded to other 
authorized NCIC users for whom direct access is not available. 
Authorized FBI personnel and CJIS Systems Agencies (agencies which 
assume responsibility for and enforce system security with regard to 
all other agencies in a specific state or territory) have enhanced 
search capabilities and can retrieve all records within the NCIC.

POLICIES AND PROCEDURES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are maintained and disposed of in accordance 
with appropriate authority of the National Archives and Records 
Administration. Generally, records are kept for 110 years or until no 
longer needed for reference purposes. The NCIC transaction log will be 
maintained until the system is discontinued.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    A. NCIC records are controlled in accordance with OMB Circular A-
130 and National Institute of Standards and Technology 800-37 and 800-
53 requirements. Associated FBI information technology (IT) systems are 
certified and accredited pursuant to the Federal Information Security 
Modernization Act. The system's technical security design supports and 
secures IT functionality in accordance with federal guidelines and 
commercial best practices.
    B. The FBI is responsible for managing the communications between 
the NCIC and constituent user systems. Encryption is used to secure all 
communications between the NCIC and other FBI systems that are not co-
located with the system. Network boundary protections including 
firewalls, intrusion detection systems, and proxy devices are also 
deployed between FBI systems and the constituent systems. Any 
constituent system that is accessing the NCIC via a ``public network'' 
segment must meet the approved form of data encryption and 
authentication. All constituent IT systems with connectivity to the 
system must employ virus protection software.
    C. All FBI employees and contractors who will develop, manage, use, 
or operate an FBI system receive a computer security awareness briefing 
prior to being granted any type of FBI system access and are provided 
with security awareness and privacy training at least annually. All FBI 
employees receive a complete background investigation prior to being 
hired and other authorized system support personnel, such as 
contractors, receive comparable vetting. All FBI employees and system 
support personnel are cautioned not to divulge confidential information 
or any information contained in FBI files. Failure to abide by these 
provisions violates FBI

[[Page 47539]]

directives and DOJ regulations and may violate certain civil and 
criminal statutes.
    D. NCIC users are required to comply with the CJIS Security Policy, 
which establishes standards to ensure the confidentiality, integrity, 
and availability of system data throughout the user community. The CJIS 
Security Policy requires state and national fingerprint-based record 
checks upon initial employment or assignment for all personnel who have 
authorized access to the system and those who have direct 
responsibility to configure and maintain computer systems and networks 
with direct access to the system. User computer sites and related 
infrastructures must have adequate physical security at all times to 
protect against any unauthorized access to or routine viewing of 
computer devices, access devices, and printed and stored data. 
Automated logs must be maintained on all systems transactions and 
security audits for operational systems must be conducted at least once 
every three years.
    E. A CJIS Systems Agency (CSA) is a duly authorized local, state, 
tribal, territorial, federal, or foreign criminal justice agency on the 
CJIS network infrastructure providing state-wide (or equivalent) 
service to its users. The CSA is responsible for establishing and 
administering an IT security program throughout the CSA's user 
community. The CSA is responsible to set, maintain, and enforce the 
following: Standards for the selection, supervision, and separation of 
personnel who have CJIS systems access; policy governing the operation 
of hardware, software, and other components used to process, store, or 
transmit NCIC information to ensure the priority, integrity, and 
availability of service; security controls governing the operation of 
computers, circuits, and telecommunications terminals used to process, 
store, or transmit FBI data; and standards that provide for audits, the 
discipline of CJIS Security Policy violators, and the monitoring of 
networks accessing CJIS systems to detect security incidents. Each CSA 
must provide a signed written agreement to the FBI CJIS Division before 
participating in CJIS records information programs. This agreement 
includes the standards and sanctions governing utilization of CJIS 
systems.
    F. Each agency is assigned an originating agency identifier (ORI) 
to access the NCIC. The system creates and maintains transaction logs, 
which are monitored and reviewed to detect any possible misuse of 
system data. The FBI CJIS Audit Unit conducts a triennial compliance 
audit of each CSA and a sample of agencies served by the CSA to ensure 
compliance with the FBI CJIS Security Policy and other CJIS policies. 
The FBI CJIS Audit Unit may also conduct ad hoc audits based on reports 
of violations. In addition, each CSA is responsible for conducting its 
own compliance audits of the criminal and non-criminal justice agencies 
within the CSA's user community.

RECORD ACCESS PROCEDURES:
    The Attorney General has exempted this system of records from the 
notification, access, amendment, and contest procedures of the Privacy 
Act. These exemptions apply only to the extent that the information in 
this system is subject to exemption pursuant to 5 U.S.C. 552a (j) or 
(k). Where compliance would not appear to interfere with or adversely 
affect the purposes of the system, or the overall law enforcement/
intelligence process, the applicable exemption (in whole or in part) 
may be waived by the FBI in its sole discretion.
    All requests for access should follow the guidance provided on the 
FBI's website at https://www.fbi.gov/services/records-management/foipa. 
A request for access to a record from this system of records must be 
submitted in writing and comply with 28 CFR part 16. Individuals may 
mail, fax, or electronically submit a request, clearly marked ``Privacy 
Act Access Request,'' to the FBI, ATTN: FOI/PA Request, Record/
Information Dissemination Section, 170 Marcel Drive, Winchester, VA 
22602-4843; facsimile: 540-868-4995/6/7; electronically: https://www.fbi.gov/services/records-management/foipa/requesting-fbi-records. 
The request should include a general description of the records sought, 
and must include the requester's full name, current address, and date 
and place of birth. The request must be signed and dated and either 
notarized or submitted under penalty of perjury. While no specific form 
is required, requesters may obtain a form (Form DOJ-361) for use in 
certification of identity, which can be located at the above link. In 
the initial request, the requester may also include any other 
identifying data that the requester may wish to furnish to assist the 
FBI in making a reasonable search. The request should include a return 
address for use by the FBI in responding; requesters are also 
encouraged to include a telephone number to facilitate FBI contacts 
related to processing the request. A determination of whether a record 
may be accessed will be made after a request is received.

CONTESTING RECORD PROCEDURES:
    The Attorney General has exempted this system of records from the 
notification, access, amendment, and contest procedures of the Privacy 
Act. These exemptions apply only to the extent that the information in 
this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or 
(k). Where compliance would not appear to interfere with or adversely 
affect the purposes of the system, or the overall law enforcement/
intelligence process, the applicable exemption (in whole or in part) 
may be waived by the DOJ in its sole discretion.
    Individuals desiring to contest or amend information maintained in 
the system should direct their requests according to the RECORD ACCESS 
PROCEDURES paragraph above, stating clearly and concisely what 
information is being contested, the reasons for contesting it, and the 
proposed amendment to the information sought. The envelope and letter 
should be clearly marked ``Privacy Act Amendment Request'' and comply 
with 28 CFR 16.46 (Request for Amendment or Correction of Records). 
Some information may be exempt from contesting record procedures as 
described in the EXEMPTIONS PROMULGATED FOR THE SYSTEM paragraph, 
below. An individual who is the subject of a record in this system may 
amend those records that are not exempt. A determination whether a 
record may be amended will be made at the time a request is received.

NOTIFICATION PROCEDURES:
    Same as RECORD ACCESS PROCEDURES paragraph, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Attorney General has exempted this system from subsections 
(c)(3) and (4); (d); (e)(1), (2), (3), (4)(G), (H), and (I), (5), and 
(8); (f), and (g) of the Privacy Act, 5 U.S.C. 552a. These exemptions 
apply only to the extent that information in a record is subject to 
exemption pursuant to 5 U.S.C. 552a(j) and/or (k). Revisions to the 
previously enacted rules in 28 CFR 16.96 (g-i) are being proposed in 
accordance with the requirements listed in 5 U.S.C. 553(b), (c), and 
(e) and published in the Federal Register. In addition, the DOJ will 
continue to assert all exemptions claimed under 5 U.S.C. 552a(j) and/or 
(k), or other applicable lawful authority, by an originating agency 
from which the DOJ obtains records, where one or more reasons 
underlying an original exemption remain valid. A determination of 
whether a record will be exempted will be made at the time

[[Page 47540]]

a request for notice, access, and/or correction is received.

HISTORY:
    National Crime Information Center (NCIC), JUSTICE/FBI-001, 64 FR 
52343 (Sept. 28, 1999), as amended by 66 FR 8425 (Jan. 31, 2001), and 
82 FR 24147 (May 25, 2017).

[FR Doc. 2019-19449 Filed 9-9-19; 8:45 am]
 BILLING CODE 4410-CW-P