[Privacy Act Issuances (2005)]
[From the U.S. Government Publishing Office, www.gpo.gov]
DEPARTMENT OF HOMELAND SECURITY
Editorial Note: The Department of Homeland Security came into
existence on January 24, 2003. Many of its organizational elements
were transferred in whole or in part from other agencies. As of
December 31, 2003, the Department had not yet issued a complete
publication of all of its systems of records. The systems of records
shown below reflect only those Privacy Act documents published in the
Federal Register under the name of the Department of Homeland
Security between January 24, 2003 and December 31, 2003.
Table of Contents
Oral History Program: The History of the Department of Homeland
Security (DHS).
DHS-OIG-001 Department of Homeland Security (DHS) Office of
Inspector General (OIG) Audit Training Tracking System
DHS-OIG-002 Department of Homeland Security (DHS) Office of
Inspector General (OIG) Investigations Data Management System (IDMS).
DHS/ALL-001 Department of Homeland Security (DHS) Freedom of
Information Act (FOIA) and Privacy Act (PA) Record System.
DHS/ALL-002 DHS Mailing and Other Lists System
DHS/CRCL-001 Civil Rights and Civil Liberties (CRCL) Matters
DHS/FEMA/USFA-1 9/11 Heroes Stamp Act of 2001 File System.
DHS/IAIP-001 Homeland Security Operations Center Database
DHS/ICE-001
DHS/ICE-CBP-001-03
DHS/ICE-CBP-CIS-001-03
DHS/TSA-001 Transportation Security Enforcement Record System
(TSERS).
DHS/TSA-002 Transportation Workers Employment Investigations
System (TWEI).
DHS/TSA-003 Employee Transportation Facilitation Records
DHS/TSA-004 Personnel Background Investigation File System.
DHS/TSA-005 Internal Investigation Record System (IRS).
DHS/TSA-006 Correspondence and Matters Tracking Records (CMTR).
DHS/TSA-007 Freedom of Information Act and Privacy Act Record
System.
DHS/TSA-008 Transportation Security Administration Notification
Contact Lists.
DHS/TSA-009 General Legal Records (GLR).
DHS/TSA-012 Transportation Worker Identification Credentialing
(TWIC) System.
DHS/TSA-013 Federal Flight Deck Officer Record System (FFDORS).
DHS/TSA-014 Telecommunications Usage Detail Records.
DHS/TSA-015 Registered Traveler (RT) Operations Files.
DHS/TSA-016 Transportation Security Technology Testing System.
DHS/TSA-017 Secure Flight Test Records.
DHS/TSA-020 Safety Information System (SIS).
DHS/US-VISIT 001 Department of Homeland Security (DHS), United
States Visitor and Immigration Status Indicator Technology, Automated
Identification Management System (AIDMS)
Source: 68 FR 4056, Jan. 27, 2003, unless otherwise noted.
TMP-01
System name:
Oral History Program: The History of the Department of Homeland
Security (DHS).
System location:
U.S. Department of Homeland Security, Office of Public Affairs,
Washington, DC 20528.
Categories of individuals covered by the system:
DHS employees and former employees, including political
appointees, civilian, and military personnel assigned or detailed to
the DHS, and other individuals who volunteer to be interviewed for
the purpose of providing information for a history of DHS.
Categories of records in the system:
Records consist of oral history interviews that are stored on
magnetic tape. Records may also include transcriptions of some or all
of the interviews and photographs of some or all of the interviewees.
Interviews may include: a brief summary of the interviewee's
biographical information; the interviewee's occupational background
and position(s) at DHS; the interviewee's personal account and
recollection of the events of September 11, 2001; the interviewee's
account of the establishment and history of the Department; and the
interviewee's comments on the major issues dealt with during DHS
employment.
Authority for maintenance of the system:
44 U.S.C. 3101.
PURPOSE(S)
Interviews are conducted to support the DHS policy to inform its
current and future leadership and employees, and the U.S. public,
about the history of the Department. Interviews may be used as
resource documents in preparing news releases or other public
information material and may be used to respond to queries from
government officials or members of the public.
Routine uses of records maintained in the system, including
categories of users and the PURPOSE OF SUCH USES:
In addition to those disclosures generally permitted under 5
U.S.C. 552a(b) of the Privacy Act, all or a portion of these records
or information contained therein may specifically be disclosed
outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as
follows:
(1) To the Government Printing Office or other publishing offices
for production of a final document;
(2) To the news media and the public, unless it is determined
that release of the specific information would constitute an
unwarranted invasion of personal privacy;
(3) To the Department of Justice for the purpose of representing
the DHS or any officer, employee, or member of the Department in
pending or potential litigation to which the record is relevant and
necessary to the litigation;
(4) To a Congressional office from the record of an individual in
response to an inquiry from the Congressional office made at the
request of that individual;
(5) To the National Archives and Records Administration for
records management inspections conducted under the authority of 44
U.S.C. 2904 and 2906;
(6) To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
Government, when necessary to accomplish an agency function related
to this system of records;
(7) To the National Archives and/or other government libraries in
order to respond to inquiries about DHS.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are maintained on magnetic tape. Transcripts of
interviews may also be maintained in paper or electronic format.
Retrievability:
Information may be retrieved by subject, by the interviewee's
surname, or by the interviewee's DHS employment position title.
Safeguards:
The records are stored in a secure, guarded, gated facility, at
which a badge must be shown to enter. The records may be accessed and
used by employees only if there is a need to know the information to
perform official duties or with permission of the DHS Historian.
Retention and disposal:
DHS has sought an appropriate retention schedule from the
National Archives and Records Administration. Until that schedule is
approved, neither the recorded tapes nor any transcriptions may be
destroyed.
System manAGER AND ADDRESS:
Historian, U.S. Department of Homeland Security, Office of Public
Affairs, Washington, DC 20528.
Notification procedure:
Address inquiries to the System Manager named above.
RECORD ACCESS PROCEDURE:
A request for access to records in this system may be made by
writing to the System Manager, identified above, in conformance with
6 CFR Part 5, Subpart B, which provides the rules for requesting
access to Privacy Act records maintained by DHS.
Contesting record procedures:
Same as ``Records access procedure.''
Record source categories:
Information in this system of records is obtained from interviews
granted on a voluntary basis to the Historian and the Historian's
staff.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
DHS-OIG-001
System name:
Department of Homeland Security (DHS) Office of Inspector General
(OIG) Audit Training Tracking System
Security classification:
Unclassified.
System location:
This system of records is located in the OIG Office of Audits and
Office of Information Technology, 1120 Vermont Avenue, NW.,
Washington, DC 20528.
Categories of individuals covered by the system:
OIG auditors who are required to complete and track continuing
education courses.
Categories of records in the system:
Records received, created, and compiled that document training
requested and received by OIG auditors for purposes of continuing
professional education. Types of information in the records include
training registration and verification forms; course syllabi and
materials; Standard Forms 182 (Request, Authorization, and
Certification of Training); auditors' names and Social Security
Numbers; auditors' office addresses and telephone numbers; hours of
training completed; and names of training courses completed along
with dates, cost (including travel costs), hours, and location of
training.
Authority for maintenance of the system:
5 U.S.C. 301; 5 U.S.C. App. 3, section 4(b); Government Auditing
Standards at section 3.45 (2003 Revision), GAO-03-673G, June 2003.
Purpose(s):
The system is maintained for the purpose of tracking training
completed by OIG auditors to ensure that OIG has met the requirements
for continuing professional education under the Government
Accountability Office, Government Auditing Standards, section 3.45,
at 55 (2003)(GAO-03-673G; the ``Yellow Book''). OIG will use this
system of records to track training and ensure that the Yellow Book
standards are met.
Routine uses of these records:
In addition to those disclosures generally permitted under 5
U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
Government, when necessary to accomplish an agency function related
to this system of records.
(2) To a Federal, State, territorial, tribal, local,
international, or foreign agency or entity for the purpose of
consulting with that agency or entity (a) to assist in making a
determination regarding access to or amendment of information, or (b)
for the purpose of verifying the identity of an individual or the
accuracy of information submitted by an individual who has requested
access to or amendment of information.
(3) To the Department of Justice (DOJ) or other Federal agency
conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) DHS, or (b) any
employee of DHS in his/her official capacity, or (c) any employee of
DHS in his/her individual capacity where DOJ or DHS has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation.
(4) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
(5) To the National Archives and Records Administration or other
Federal Government agencies pursuant to records management
inspections being conducted under the authority of 44 U.S.C. 2904 and
2906.
(6) To a Federal, State, or local government entity or
professional licensing authority for purposes of responding to an
official inquiry relating to professional licensing or certification
requirements. Referral of information to State boards of accountancy
will be made only after the auditor has been notified that the OIG is
contemplating disclosing the information to an appropriate State
board of accountancy, and the auditor has been provided with an
opportunity to respond in writing to the OIG's findings.
(7) To appropriate persons engaged in conducting and reviewing
internal and external peer reviews of the OIG to ensure adequate
internal safeguards and management procedures exist or to ensure
auditing standards applicable to Government audits are applied and
followed.
(8) To the President's Council on Integrity and Efficiency (PCIE)
and other Federal agencies, as necessary, if the records respond to
an audit, investigation or review which is conducted pursuant to an
authorizing law, rule or regulation, and in particular those
conducted at the request of the PCIE pursuant to Executive Order No.
12993.
(9) To educational institutions for purposes of enrollment and
verification of employee attendance and performance.
(10) To an appropriate Federal, State, territorial, tribal,
local, international, or foreign agency law enforcement agency or
other appropriate authority charged with investigating or prosecuting
such a violation or enforcing or implementing such law, where a
record, either on its face or in conjunction with other information,
indicates a violation or potential violation of law (i.e. criminal,
civil, administrative, or regulatory).
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records in this system are stored on paper media and in digital
or other electronic form in a secure Local Area Network (LAN)-server
and/or Wide Area Network (WAN) environment.
Retrievability:
Records are retrieved by an identification number assigned by
computer, by the name of the OIG auditor, by course, and by audit
division.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies, including the DHS Information
Technology Security Program Handbook. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know, and using locks and
password protection identification features. OIG file areas are
locked after normal duty hours and facilities are protected from the
outside by security personnel.
Retention and disposal:
Records are retained and disposed of in accordance with the
National Archives and Records Administration General Records Schedule
1, Item 29, Transmittal No. 12 (July 2004). Files may be retained for
up to five years. For requests that result in litigation, the files
related to that litigation will be retained for three years after
final court adjudication.
System manager(s) and addresses:
The System Managers are System Manager/OIG Office of Technology
and System Manager/OIG Office of Audits, 1120 Vermont Avenue, NW.,
Washington, DC 20528.
Notification procedures:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedures:
A request for access to records in this system may be made by
writing to the System Manager identified above, in conformance with 6
CFR part 5, subpart B, which provides the rules for requesting access
to Privacy Act records maintained by DHS agencies.
Contesting record procedures:
Same as ``Record Access Procedures,'' above.
Record source categories:
Information contained in this system is obtained from OIG
auditors and government and non-government entities conducting
continuing professional education courses and conferences.
Exemptions claimed for the system:
None.
DHS-OIG-002
System name:
Department of Homeland Security (DHS) Office of Inspector General
(OIG) Investigations Data Management System (IDMS).
Security classification:
Classified, sensitive.
System location:
This system of records is located in the OIG Office of
Investigations in Washington, DC and in OIG field offices nationwide.
Categories of individuals covered by the system:
Individuals filing complaints of criminal, civil, or
administrative violations, including, but not limited to, fraud,
waste, or mismanagement; individuals alleged to have been involved in
such violations; individuals identified as having been adversely
affected by matters investigated by the OIG; individuals who have
been identified as possibly relevant to, or who are contacted as part
of an OIG investigation, including: (A) Current and former employees
of DHS; United States Department of the Treasury, United States
Department of Justice, and Federal Emergency Management
Administration legacy employees; and persons whose association with
current and former employees relate to alleged violations which
affect the integrity or facilities of the DHS; and, (B) witnesses,
complainants, confidential or non-confidential informants, suspects,
defendants, or parties who have been identified by the DHS OIG, other
DHS units, other agencies, or members of the general public in
connection with authorized OIG functions; and DHS OIG Office of
Investigations employees who are required to qualify with firearms
and receive government property.
Categories of records in the system:
Records include: (A) letters, memoranda, and other documents
citing complaints of alleged criminal or administrative misconduct;
(B) investigative files, which include: (1) Reports of investigation
resulting from allegations of misconduct or violations of law with
related exhibits, statements, affidavits, records or other pertinent
documents (including those obtained from other sources, such as
Federal, State, local, or foreign investigative or law enforcement
agencies and other government agencies) obtained during
investigations; (2) transcripts and documentation concerning requests
and approval for consensual (telephone and non-telephone) monitoring;
(3) reports from or to other law enforcement bodies; (4) prior
criminal or non-criminal records of individuals as they relate to
investigations; (5) subpoenas issued pursuant to OIG investigations
and legal opinions, advice, and other legal documents provided by
agency counsel; (6) reports of actions taken by management personnel
regarding misconduct allegations and reports of legal actions,
including actions resulting from violations of statutes referred to
the United States Department of Justice for prosecution; (7) records
involving the disposition of investigations and resulting agency
actions (e.g., criminal prosecutions, civil proceedings,
administrative action); and (8) other documentation and materials
created during the course of or arising out of OIG investigations;
and (C) property records and Firearms and Training qualification
records for all OIG Office of Investigations employees;
Records contain the name and/or other personal identifying
information for OIG Office of Investigations employees; names and
other personal identifying information for individuals who are
investigated or involved as complainants, witnesses, informants, or
otherwise in OIG investigations; and details relating to
investigations and complaints, such as the date of the complaint;
case number(s); name of the complainant; matters alleged; referral
documents; research materials; and other documentation.
Authority for maintenance of the system:
5 U.S.C.A. App. 3; 5 U.S.C. 301; 6 U.S.C. 101, 113(b), 555.
Purpose(s):
The records and information collected and maintained in this
system are used to receive and process allegations of violations of
criminal, civil, and administrative laws and regulations relating to
DHS programs, operations, and employees, as well as contractors and
other individuals and entities associated with the DHS; monitor case
assignments, disposition, status, and results; manage investigations
and information provided during the course of such investigations;
track actions taken by management regarding misconduct and other
allegations; track legal actions taken following referrals to the
United States Department of Justice for prosecution or litigation;
provide information relating to any adverse action or other
proceeding that may occur as a result of the findings of an
investigation; retrieve investigation results performed on
individuals covered in this system; provide a system for creating and
reporting statistical information; and to provide a system to track
OIG investigator's firearms qualification records and property
records.
ROUTINE USES OF THESE RECORDS:
In addition to those disclosures generally permitted under 5
U.S.C. 552a (b) of the Privacy Act, all or a portion of the records
or information contained in this system may be disclosed outside DHS
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(A) To an appropriate Federal, State, territorial, tribal, local,
or foreign law enforcement agency, licensing entity, or other
appropriate authority charged with investigating, enforcing,
prosecuting, or implementing a law (criminal, civil, administrative,
or regulatory), where DHS becomes aware of an indication of a
violation or potential violation of such law or where required in
response to a compulsory legal process.
(B) To Federal intelligence community agencies and other Federal
agencies to further the mission of those agencies relating to persons
who may pose a risk to homeland security.
(C) To international governmental authorities in accordance with
law and formal or informal international agreement.
(D) To a court, magistrate, or administrative tribunal in the
course of presenting evidence, including disclosures to opposing
counsel or witnesses in the course of civil or criminal discovery or
proceedings, litigation, and settlement negotiations.
(E) To Federal, State, local, or foreign government entities or
professional licensing authorities responsible for investigating or
prosecuting the violations of, or for enforcing or implementing, a
statute, rule, regulation, order, or license, or where DHS OIG
becomes aware of an indication of a violation or potential violation
of civil or criminal law or regulation or where DHS has received a
request for information that is relevant or necessary to the
requesting entity's hiring or retention of an employee, or the
issuance of a security clearance, license, contract, grant, or other
benefit.
(F) To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
Government, when necessary to accomplish an agency function related
to this system of records.
(G) To the United States Department of Justice or other Federal
agency conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) DHS; (b) any employee
of DHS in his/her official capacity; (c) any employee of DHS in his/
her individual capacity where the Department of Justice or DHS has
agreed to represent the employee; or, (d) the United States or any
agency thereof, is a party to the litigation or has an interest in
such litigation.
(H) To third parties during the course of an investigation to the
extent necessary to obtain information pertinent to the
investigation.
(I) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
(J) To the National Archives and Records Administration or other
Federal Government agencies pursuant to records management
inspections being conducted under the authority of 44 U.S.C. 2904 and
2906.
(K) To appropriate persons engaged in conducting and reviewing
internal and external peer reviews of the OIG to ensure adequate
internal safeguards and management procedures exist or to ensure that
auditing standards applicable to Government audits are applied and
followed.
(L) To the President's Council on Integrity and Efficiency (PCIE)
and other Federal agencies, as necessary, if the records respond to
an audit, investigation or review which is conducted pursuant to an
authorizing law, rule or regulation, and in particular those
conducted at the request of the PCIE pursuant to Executive Order No.
12993.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records in this system are stored on paper media and in digital
or other electronic form in a secure Local Area Network (LAN) server
and/or Wide Area Network (WAN) environment.
Retrievability:
Paper media are retrieved alphabetically by name of subject or
complainant, by case number, and/or by special agent name and/or
employee identifying number. Electronic media are retrieved by the
name or identifying number for a complainant, subject, victim, or
witness; by case number; by special agent name or other personal
identifier; or by regional office designation.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies, including the DHS Information
Technology Security Program Handbook. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know and using locks and
password protection identification features. IDMS file areas are
locked at all times, and facilities are protected from the outside by
security personnel.
Retention and disposal:
Investigative files are stored at OIG's Office of Investigations
in Washington, DC, and in OIG field offices. OIG is in the process of
developing a records retention schedule in conjunction with the
National Archives and Records Administration (NARA).
System manAGER(S) AND ADDRESSES:
The System Manager is the Assistant Inspector General for
Investigations, OIG Office of Investigations/STOP 2600, 245 Murray
Drive, SW., Building 410, Washington, DC 20528.
NOTIFICATION PROCEDURES:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedures:
Same as ``Notification Procedures'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security's Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedures:
See ``Notification procedures'' and ``Record access procedures''
stated above.
Record source categories:
The information in this system of records is obtained from
sources including, but not limited to, the individual record
subjects; DHS officials and employees; employees of Federal, State,
local, and foreign agencies; and other persons and entities.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j)(2) this system is exempt from the
following provisions of the Privacy Act: 5 U.S.C. 552a (c)(3) and
(4); (d); (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H), (e)(5) and
(e)(8); (f)(2) through (5); and (g). Pursuant to 5 U.S.C. 552a
(k)(1), (k)(2) and (k)(5), this system is exempt from the following
provisions of the Privacy Act, subject to the limitations set forth
in those subsections: 5 U.S.C. 552a (c)(3), (d), (e)(1), (e)(4)(G),
(e)(4)(H), and (f).
DHS/ALL 001
System name:
Department of Homeland Security (DHS) Freedom of Information Act
(FOIA) and Privacy Act (PA) Record System.
Security classification:
Classified, sensitive.
System location:
This system of records is located in the DHS Privacy Office,
Washington, DC 20528, as well as in the component FOIA/PA offices
listed in ``System Managers,'' below.
Categories of individuals covered by the system:
Individuals who submit FOIA and/or PA requests to DHS;
individuals who appeal DHS denial of their FOIA/PA requests;
individuals whose requests, appeals, and/or records have been
referred to DHS by other agencies; and, in some instances, attorneys
or other persons representing individuals submitting such requests
and appeals, individuals who are the subjects of such requests, and/
or DHS personnel assigned to handle such requests or appeals.
Categories of records in the system:
Records received, created, or compiled in response to FOIA/PA
requests or appeals, including: the original requests and
administrative appeals; intra- or inter-agency memoranda,
correspondence, notes and other documentation related to the
processing of the FOIA/PA request; correspondence with the
individuals or entities that submitted the requested records and
copies of the requested records, including when those records might
contain confidential business information or personal information.
Types of information in the records may include: Requesters' and
their attorneys' or representatives' names, addresses, telephone
numbers, and FOIA case numbers; names, office telephone numbers, and
office routing symbols of DHS employees; and names, telephone
numbers, and addresses of the submitter of the information requested.
The system also contains copies of all documents relevant to appeals
and lawsuits under FOIA and the PA.
Authority for maintenance of the system:
5 U.S.C. 301, 552, 552a; 44 U.S.C. 3101; E.O. 12958, as amended.
Purpose(s):
The system is maintained for the purpose of processing records
requests and administrative appeals under the FOIA as well as access
and amendment requests and appeals under the PA; for the purpose of
participating in litigation arising from such requests and appeals;
and for the purpose of assisting DHS in carrying out any other
responsibilities under the FOIA or the PA.
Routine uses of these records maintained in the system, including
categories of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5
U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) Where a record, either on its face or in conjunction with
other information, indicates a violation or potential violation of
law (i.e., criminal, civil or regulatory), the relevant records may
be referred to an appropriate Federal, state, territorial, tribal,
local, international, or foreign law enforcement agency or other
appropriate authority charged with investigating or prosecuting such
a violation or enforcing or implementing such law.
(2) To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
government, when necessary to accomplish an agency function related
to this system of records.
(3) To a Federal, state, territorial, tribal, local,
international, or foreign agency or entity for the purpose of
consulting with that agency or entity (a) to assist in making a
determination regarding access to or amendment of information, or (b)
for the purpose of verifying the identity of an individual or the
accuracy of information submitted by an individual who has requested
access to or amendment of information.
(4) To a federal agency or entity that furnished the record or
information for the purpose of permitting that agency or entity to
make a decision regarding access to or correction of the record or
information, or to a federal agency or entity for purposes of
providing guidance or advice regarding the handling of particular
requests.
(5) To the Department of Justice or other federal agency
conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) DHS, or (b) any
employee of DHS in his/her official capacity, or (c) any employee of
DHS in his/her individual capacity where DOJ or DHS has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation.
(6) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
(7) To the National Archives and Records Administration or other
Federal government agencies pursuant to records management
inspections being conducted under the authority of 44 U.S.C. 2904 and
2906.
(8) To the Department of Justice, including the United States
Attorney's Offices, or a consumer reporting agency for further
collection action on any delinquent debt when circumstances warrant.
(9) To the Office of Management and Budget or the Department of
Justice to obtain advice regarding statutory and other requirements
under the Freedom of Information Act or the Privacy Act of 1974.
Disclosure to consumer reporting agencies:
Privacy Act information may be reported to consumer reporting
agencies pursuant to 5 U.S.C. 552a(b)(12).
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records in this system are stored on paper and/or in digital or
other electronic form. Digital and other electronic images are stored
on a storage area network in a secured environment.
Retrievability:
Records are retrieved by the name, unique case identifier, social
security number, or alien identification number of the requester/
appellant or the attorney or other individual representing the
requester, or other identifier assigned to the request or appeal.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies, including the DHS Information
Technology Security Program Handbook. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know, using locks, and
password protection identification features. Classified information
is appropriately stored in accordance with applicable requirements.
DHS file areas are locked after normal duty hours and the facilities
are protected from the outside by security personnel.
Retention and disposal:
Records are retained and disposed of in accordance with the
National Archives and Records Administration's General Records
Schedule 14. Files may be retained for up to six years. For requests
that result in litigation, the files related to that litigation will
be retained for three years after final court adjudication.
System manager(s) and addresses:
I. For Headquarters components of the Department of Homeland
Security, the System Manager is the Director of Departmental
Disclosure, U.S. Department of Homeland Security, Washington, DC
20528.
II. For operational components that comprise the U.S. Department
of Homeland Security, the System Managers are as follows:
United States Coast Guard, FOIA Officer/PA System
Manager, Commandant, CG-611, U.S. Coast Guard, 2100 2nd
Street, SW., Washington, DC 20593-0001
United States Secret Service, FOIA Officer/PA System
Manager Suite 3000, 950 H Street, NW., Washington, DC
20223
United States Citizenship and Immigration Services,
ATTN: Records Services Branch (FOIA/PA), 111
Massachusetts Avenue, NW., 2nd Floor, Washington, DC
20529
Under Secretary for Emergency Preparedness and Response
(includes Federal Emergency Management Agency), FOIA
Officer/PA System Manager, 500 C Street, SW., Room 840,
Washington, DC 20472
Under Secretary for Border and Transportation Security,
Department of Homeland Security, C/o Departmental
Disclosure Officer, Privacy Office, Washington, DC
20528
United States Customs and Border Protection, FOIA
Officer/PA System Manager, Disclosure Law Branch,
Office of Regulations & Rulings, Ronald Reagan
Building, 1300 Pennsylvania Avenue, NW (Mint Annex).,
Washington, DC 20229
United States Immigration and Customs Enforcement, FOIA
Officer/PA System Manager, Office of Investigation,
Chester Arthur Building (CAB), 425 I Street, NW., Room
4038, Washington, DC 20538
Transportation Security Administration, FOIA Officer/PA
System Manager, Office of Security, West Building, 4th
Floor, Room 432-N, TSA-20, 601 South 12th Street,
Arlington, VA 22202-4220
Federal Protective Service, FOIA Officer/PA System
Manager, 1800 F Street, NW., Suite 2341, Washington, DC
20405
Federal Law Enforcement Training Center, Disclosure
Officer, 1131 Chapel Crossing Road, Building 94,
Glynco, GA 31524
Under Secretary for Science & Technology, FOIA Officer/
PA System Manager, Washington, DC 20528
Under Secretary for Information Analysis and
Infrastructure Protection, FOIA Officer/PA System
Manager, Washington, DC 20528
Under Secretary for Management, FOIA Officer/PA System
Manager, 7th and D Streets, SW., Room 4082, Washington,
DC 20472
Office of Inspector General, Records Management
Officer, Washington, DC 20528
Notification procedure:
To determine whether this system contains records relating to
you, write to the appropriate System Manager(s) identified above.
Record access procedures:
A request for access to records in this system may be made by
writing to the System Manager, identified above, in conformance with
6 CFR Part 5, Subpart B, which provides the rules for requesting
access to Privacy Act records maintained by DHS.
Contesting record procedures:
Same as ``Record Access Procedures,'' above.
Record source categories:
Information contained in this system is obtained from those
individuals who submit requests and administrative appeals pursuant
to the FOIA and the PA; the agency records searched and identified as
responsive in the process of responding to such requests and appeals;
Departmental personnel assigned to handle such requests and appeals;
other agencies or entities that have referred to DHS requests
concerning DHS records, or that have consulted with DHS regarding
handling of particular requests; and submitters or subjects of
records or information that have provided assistance to DHS in making
access or amendment determinations.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(j)(2),
(k)(1), (k)(2) and (k)(5). When DHS is processing Privacy Act and/or
FOIA requests, responding to appeals, or participating in FOIA or
Privacy Act litigation, exempt materials from other systems of
records may become part of the records in this system. To the extent
that copies of exempt records from other systems of records are
entered into this system, DHS hereby claims the same exemptions for
those records that are claimed for the original primary systems of
records from which they originated.
DHS/ALL 002
System name:
DHS Mailing and Other Lists System
Security classification:
Sensitive
System location:
This system of records is located in the Department of Homeland
Security, Washington, DC 20528, as well as in the component DHS
offices listed in ``System Managers,'' below.
Categories of individuals covered by the system:
All persons appearing on mailing lists maintained throughout DHS
to facilitate mailings to multiple addressees and other activities in
furtherance of DHS duties. These lists include: Persons who have
requested DHS material; members of the news media; DHS employees and
the individual(s) they list as emergency contacts, former employees,
persons who serve on DHS boards and committees and other individuals
having business with DHS who have provided contact information;
individuals who enter contests sponsored by DHS; contractors or other
individuals who work or attend meetings at DHS; and other persons
with an interest in DHS programs, contests, exhibits, conferences,
training courses, and similar events.
Categories of records in the system:
Names, age, school grade, school name, home telephone numbers,
cellular phone numbers, pager numbers, numbers where individuals can
be reached while on travel or otherwise away from the office, home
addresses, electronic mail addresses, names and phone numbers of
family members or other contacts, position/title, business
affiliation (where appropriate); and other contact information
provided to the Department by individuals covered by this system of
records or derived from other sources.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3101.
Purpose(s):
The system is maintained for the purpose of mailing informational
literature to those who request it; maintaining lists of individuals
who attend meetings; maintaining contact and emergency contact
information for DHS employees and contractors working on site at DHS;
maintaining information regarding individuals who enter contests
sponsored by DHS; and for other purposes for which mailing or contact
lists may be created.
Routine uses of these records maintained in the system, including
categories of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5
U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) To DHS employees, contractors, consultants or others, when
necessary to perform a function or service related to this system of
records for which they have been engaged. Such recipients are
required to comply with the Privacy Act, 5 U.S.C. 552a, as amended.
(2) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
(3) To the National Archives and Records Administration or other
federal government agencies pursuant to records management
inspections being conducted under the authority of 44 U.S.C. 2904 and
2906.
(4) To the Department of Justice, United States Attorney's
Office, or a consumer reporting agency for further collection action
on any delinquent debt when circumstances warrant.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records in this system are on paper and/or in digital or other
electronic form. Digital and other electronic images are stored on a
storage area network in a secured environment.
Retrievability:
Information typically will be retrieved by an identification
number assigned by computer, by e-mail address, or by name of an
individual.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies, including the DHS Information
Technology Security Program Handbook. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know, using locks, and
password protection identification features. DHS file areas are
locked after normal duty hours and the facilities are protected from
the outside by security personnel.
Retention and disposal:
Some records are retained and disposed of in accordance with the
National Archives and Records Administration's General Records
Schedule 12 (Communications Records). Other records are retained and
disposed of in accordance with General Records Schedule 1. Files may
be retained for up to three years or less depending on the record.
For records that may be used in litigation, the files related to that
litigation will be retained for three years after final court
adjudication.
System manager(s) and addresses:
I. For Headquarters components of the Department of Homeland
Security, the System Manager is the Director of Departmental
Disclosure, U.S. Department of Homeland Security, Washington, DC
20528.
II. For operational components that comprise the U.S. Department
of Homeland Security, the System Managers are as follows:
United States Coast Guard, FOIA Officer/PA System Manager,
Commandant, CG-611, U.S. Coast Guard, 2100 2nd Street, SW.,
Washington, DC 20593-0001.
United States Secret Service, FOIA/PA System Manager, Suite
3000, 950 H Street, NW., Washington, DC 20223.
Under Secretary for Emergency Preparedness and Response
(includes Federal Emergency Management Agency), FOIA/PA System
Manager, 500 C Street, SW., Room 840, Washington, DC 20472.
Under Secretary for Border and Transportation Security,
Department of Homeland Security, c/o Departmental Disclosure Officer,
Privacy Office, Washington, DC 20528.
United States Citizenship and Immigration Services, U.S.
Citizenship and Immigration Services, ATTN: Records Services Branch
(FOIA/PA), 111 Massachusetts Ave, NW., 2nd Floor, Washington, DC
20529.
Bureau of Customs and Border Protection, FOIA/PA System
Manager, Disclosure Law Branch, Office of Regulations & Rulings,
Ronald Reagan Building, 1300 Pennsylvania Avenue, NW., (Mint Annex)
Washington, DC 20229.
Bureau of Immigration and Customs Enforcement, FOIA/PA System
Manager, Office of Investigation, Chester Arthur Building (CAB), 425
I Street, NW., Room 4038, Washington, DC 20538
Transportation Security Administration, FOIA/PA System Manager,
Office of Security, West Building, 4th Floor, Room 432-N, TSA-20, 601
South 12th Street, Arlington, VA 22202-4220
Federal Protective Service, FOIA/PA System Manager, 1800 F
Street, NW., Suite 2341, Washington, DC 20405
Federal Law Enforcement Training Center, Disclosure Officer,
1131 Chapel Crossing Road, Building 94, Glynco, GA 31524
Under Secretary for Science & Technology, FOIA/PA System
Manager, Washington, DC 20528
Under Secretary for Information Analysis and Infrastructure
Protection, Nebraska Avenue Complex, Building 19, 3rd floor,
Washington, DC 20528
Office of Inspector General, Records Management Officer,
Washington, DC 20528
Notification procedure:
To determine whether this system contains records relating to
you, write to the appropriate System Manager(s) identified above.
Record access procedures:
A request for access to records in this system may be made by
writing to the System Manager, identified above, in conformance with
6 CFR Part 5, Subpart B, which provides the rules for requesting
access to Privacy Act records maintained by DHS.
Contesting record procedures:
Same as ``Record Access Procedures,'' above.
Record source categories:
Information contained in this system is obtained from affected
individuals/organizations, public source data, other government
agencies and/or information already in other DHS records systems.
Exemptions claimed for the system:
None.
DHS/FEMA/USFA-1
System name:
9/11 Heroes Stamp Act of 2001 File System.
Security classification:
Unclassified.
System location:
The Access database will be operated at FEMA's facility located
at the U.S. Fire Administration, National Emergency Training Center
(NETC), 16825 South Seton Avenue, Emmitsburg, MD 21727. It will also
be operational from FEMA Headquarters at 500 C Street, SW., Room 832,
Washington, DC.
Categories of individuals covered by the system:
The system covers those individuals who claim benefits under the
9/11 Heroes Stamp Act of 2001 (i.e., emergency relief personnel
claiming to be permanently disabled or the personal representative of
emergency relief personnel who were killed as a result of the
terrorist related aircraft crashes of September 11, 2001.)
Categories of records in the system:
Records include application forms and other information submitted
in hard copy by the individual seeking benefits under the 9/11 Heroes
Stamp Act of 2001, or by the individual's personal representative if
the individual is deceased, and documents submitted in support of the
claims. This information may include an individual's medical,
personal, employment, financial and other records obtained or
generated to adjudicate the Heroes applications as well as September
11th Victim Compensation Fund claim numbers where applicable.
Authority for maintenance of the system:
9/11 Heroes Stamp Act of 2001, Public Law 107-67, section 652,
115 Stat. 514 (Nov. 12, 2001).
Purpose(s):
These records are collected or generated for the purpose of
determining an individual applicant's qualification for and/or
compensation to benefits under the 9/11 Heroes Stamp Act of 2001.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The information the applicant submits on his or her claim is for
official use only by FEMA for purposes of determining their
eligibility for benefits under the 9/11 Heroes Stamp Act. The Privacy
Act itself permits certain disclosures under 5 U.S.C. 552a(b), such
as to individuals within an agency who have a need for the
information in order to perform their duties. In addition to those
disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy
Act, all or a portion of the records or information contained in this
system may be disclosed outside DHS as a routine use pursuant to 5
U.S.C. 552a(b)(3) as follows:
A. To an agency, organization, or individual for the purposes of
performing authorized audit or oversight operations.
B. To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains or to a
Congressional Committee providing oversight or conducting an
investigation of this program.
C. To contractors, experts, consultants, and others performing or
working on a contract, service, grant, cooperative agreement, or
other assignment for the Federal Government, when necessary to
accomplish an agency function related to this system of records.
D. To the Department of Justice (DOJ), the United States
Attorney's Office, or a consumer-reporting agency for further
collection action on any debt in relation to the 9/11 Heroes Stamp
Act of 2001 when circumstances warrant.
E. Where a record, either on its face or in conjunction with
other information, indicates a violation or potential violation of
law--criminal, civil or regulatory--the relevant records may be
referred to an appropriate Federal, State, territorial, tribal,
local, international, or foreign agency law enforcement authority or
other appropriate agency charged with investigating or prosecuting
such a violation or enforcing or implementing such law.
F. To the Department of Justice or other Federal agency for
purposes of conducting litigation or proceedings before any court,
adjudicative or administrative body, when: (a) FEMA, or (b) any
employee of FEMA in his/her official capacity, or (c) any employee of
FEMA in his/her individual capacity where DOJ or FEMA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation and when the records are determined by FEMA to be arguably
relevant to the proceeding. I20G. To the National Archives and
Records Administration (NARA) or other Federal Government agencies
pursuant to records management inspections being conducted under the
authority of 44 U.S.C. sections 2904 and 2906.
H. To the Department of Justice for purposes of verifying the
consistency of information on Heroes Fund applications with
information submitted to the Department of Justice under the
September 11th Victim Compensation Fund of 2001.
I. To other Federal, State, local or private agencies or entities
as necessary to determine eligibility of applicants for benefits
under the Heroes Fund.
Disclosure to consumer reporting agencies:
Privacy Act information may be reported to consumer reporting
agencies pursuant to 5 U.S.C. 552a(b)(12).
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The database will be operated at FEMA's facility located at the
U.S. Fire Administration, NETC, 16825 South Seton Avenue, Emmitsburg,
MD 21727, and it will be operational from FEMA Headquarters at 500 C
Street, SW., Room 832, Washington, DC 20472. FEMA Headquarters
manages data use at all locations. Data consistency is maintained by
regular replication of data among the sites and the consolidated
master database via automated procedures. FEMA has a configuration
management process that is used to deploy the application in a
consistent manner throughout the enterprise.
Copies of paper applications as well as information maintained
electronically are stored in a work area that is locked when it is
not staffed. The doors to the work area are kept closed. There is
limited access given to persons who have a need to have access to the
information to perform their official duties. Computerized records
are stored in a database server in a secured file server room.
Electronic records are stored on a file server in another building
and backed up nightly.
Retrievability:
Files and automated data are retrieved by name and/or Social
Security Number of an individual applicant/claimant or personal
representative of a claimant, and the name of the deceased, case file
number, and/or Social Security Number.
Safeguards:
Use of the Access database will be carefully monitored and
reviewed on a periodic basis by the system administrator.
FEMA employs software programs that monitor host and network
traffic to identify unauthorized attempts to upload or change
information or otherwise cause damage by individuals or group of
individuals. Unauthorized attempts to upload information or change
information are prohibited and may be punishable under the Computer
Fraud and Abuse Act of 1986 and the National Information
Infrastructure Protection Act.
The system has an audit trail of the changes made to the
application and the user information associated with that change.
Hence, the ability to monitor unauthorized access is provided.
Information in this system is safeguarded in accordance with
applicable laws, rules and policies, including the DHS Information
Technology Security Program Handbook. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know, using locks, and
password protection identification features. DHS file areas are
locked after normal duty hours and the facilities are protected from
the outside by security personnel.
Retention and disposal:
The paper copy of the application and supporting documentation,
which are completed by the individual, constitute the official copy
of the records. The database is kept in support of the paper copy.
FEMA will treat the disposition of these records--hard copies of the
application and supporting documentation and any data that is input
and stored in any electronic databases--the same way. The data in the
system are considered permanent Federal Government records, as, 9/11
records are permanent records. This means that NARA will not destroy
them once FEMA retires the records to NARA. FEMA's disposition
schedule, which is pending NARA approval under job number N1-311-04-
05, would retire records to NARA 1 year and 6 months after the
closure of the file.
System manager and address:
Office of the Administrator, USFA, NETC, 16825 South Seton
Avenue, Emmitsburg, MD 21727.
Notification procedure:
A request for access to records in this system may be made by
writing to the System Manager, identified above, in conformance with
6 CFR part 5, subpart B and 44 CFR part 6, which provides the rules
for requesting access to Privacy Act records.
Record access procedures:
Same as Notification Procedure above.
Contesting record procedures:
Same as Notification Procedure above. State clearly and concisely
the information being contested, the reasons for contesting it, and
the proposed amendment to the information sought.
Record source categories:
The information will come from the individual applicants and/or
their personal representative, if applicable, and their employer or
volunteer organization, and financial institution. Information may
also be obtained from Federal, State or local administrative bodies
or private insurers that have made relevant determinations regarding
the disability of individual applicants or their death.
Exemption claimed for the system:
None.
DHS/IAIP-001
System name:
Homeland Security Operations Center Database
Security classification:
Classified; sensitive
System location:
Records are maintained at the Homeland Security Operations
Center, Office of the Undersecretary for Information Analysis and
Infrastructure Protection, Department of Homeland Security,
Washington, DC 20528.
Category of Individuals covered by the system:
Individuals who have been linked in any manner to potential
terrorism, to other domestic incidents with homeland security
implications, or whose behavior arouses reasonable suspicion of
possible terrorist activity; individuals who are the subject of
information pertaining to terrorism and/or homeland security;
individuals who offer information pertaining to terrorism and/or
homeland security; individuals who request assistance or information;
or individuals who make inquiries concerning possible terrorist
activity. The system will also contain information about individuals
who are or have been associated with DHS homeland security operations
or with DHS administrative operations.
Categories of records in the system:
Intelligence information obtained from agencies and components of
the Federal Government, foreign governments, organizations or
entities, international organizations, state and local government
agencies (including law enforcement agencies), and private sector
entities; information provided by individuals, regardless of the
medium used to submit the information; information obtained from the
Terrorist Screening Center or on terrorist watch lists about
individuals known or reasonably suspected to be engaged in conduct
constituting, preparing for, aiding, or relating to terrorism;
results of intelligence analysis and reporting; ongoing law
enforcement investigative information; information systems security
analysis and reporting; historical law enforcement information;
operational and administrative records; financial information; and
public source data such as that contained in media reports and
commercial databases. Data about the providers of information,
including the means of transmission of the data, will also be
retained.
Authority for maintenance of the system:
5 U.S.C. 301, 552, 552a; Section 201 of the Homeland Security Act
of 2002, Pub. L. 107-296, 116 Stat. 2145 (Nov. 25, 2002), as amended
(6 U.S.C. 121); 44 U.S.C. 3101; E.O. 12958; E.O. 9397.
Purpose(s):
This record system is maintained to collect, access, and analyze
law enforcement information, intelligence information, and other
information from agencies of the Federal Government, foreign
governments, international organizations, state and local government
agencies (including law enforcement agencies), and private sector
entities or individuals; and to integrate such information in order
to: detect, identify and assess the nature and scope of terrorist or
other threats to the United States; and understand such threats in
light of actual and potential vulnerabilities of the homeland.
Routine uses of records maintained in the System:
In addition to those disclosures generally permitted under 5
U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. If the record, on its face or in conjunction with other
information, indicates a violation or potential violation of any law,
regulation, rule, order, or contract, the record may be disclosed to
the appropriate entity, whether federal, state, local, joint, tribal,
foreign, or international, that is charged with the responsibility of
investigating, prosecuting and/or enforcing such law, regulations,
rule, order or contract.
B. To a Federal, state, local, joint, tribal, foreign,
international or other public agency or organization, or to any
person or entity in either the public or private sector, domestic or
foreign, where such disclosure may promote assist or otherwise serve
homeland or national security interests.
C. To an organization or individual in either the public or
private sector, where there is a reason to believe that the recipient
is or could become the target of a particular terrorist activity or
conspiracy, to the extent the information is relevant to the
protection of life or property.
D. To recipients under circumstances and procedures as are
mandated by Federal statute, treaty, or international agreement.
E. To the news media or members of the general public in
furtherance of a function related to homeland security as determined
by the system manager where disclosure could not reasonably be
expected to constitute an unwarranted invasion of privacy.
F. To the Department of Justice or other federal agency
conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) DHS, or (b) any
employee of DHS in his/her official capacity, or (c) any employee of
DHS in his/her individual capacity where DOJ or DHS has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation.
G. To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
H. To the National Archives and Records Administration or other
federal government agencies pursuant to records management
inspections being conducted under the authority of 44 U.S.C. Sections
2904 and 2906.
I. To contractors, grantees, experts, consultants, volunteers,
and others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
government, when necessary to accomplish an agency function related
to this system of records.
J. To an agency, organization, or individual for the purposes of
performing authorized audit or oversight operations.
K. To a Federal, state, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a Department of Homeland Security decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
reporting of an investigation of any employee, the letting of a
contract, or the issuance of a license, grant, or other benefit.
L. To a Federal, state, local, tribal, territorial, foreign, or
international agency, in response to its request, in connection with
the hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the information
is relevant and necessary to the requesting agency's decision on the
matter.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records in this system are stored electronically at the HSOC in a
secure facility. The records are stored on magnetic disc, tape,
digital media, and CD-ROM, and may also be retained in hard copy
format in secure folders.
Retrievability:
Data may be retrieved by the individual's name or other
identifier.
Safeguards:
Information in this system is safeguarded in accordance with
applicable rules and policies, including any applicable IAIP and DHS
automated systems security and access policies. Strict controls have
been imposed to minimize the risks of compromising the information
that is being stored. Access to the computer system containing the
records in this system is limited to those individuals specifically
authorized and granted access by DHS regulations, who hold
appropriate security clearances, and who have a need to know the
information in the performance of their official duties. The system
also maintains a real-time auditing function of individuals who
access the system. Classified information is appropriately stored in
a secured facility, in secured databases and containers, and in
accordance with other applicable requirements, including those
pertaining to classified information. Access is limited to authorized
personnel only.
Retention and disposal:
IAIP is working with the National Archives and Records
Administration to obtain approval of a records retention and disposal
schedule to cover records in the HSOC database. IAIP has proposed a
short retention schedule for these records.
System manager(s) and address:
Director, Disclosure Office, Office of the Chief of Staff, Office
of the Undersecretary for Information Analysis and Infrastructure
Protection, Department of Homeland Security, Washington, D.C. 20528.
Notification Procedures:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Records Access Procedures:
A request for access to records in this system may be made by
writing to the System Manager, identified above, in conformance with
6 CFR Part 5, Subpart B, which provides the rules for requesting
access to Privacy Act records maintained by DHS.
Contesting record procedures:
Same as ``Record Access Procedures,'' above.
Record source categories:
Information contained in this system is obtained from subject
individuals, other agencies and organizations, both domestic and
foreign, media, including periodicals, newspapers, and broadcast
transcripts and public and classified reporting, privacy
organizations and individuals, intelligence source documents,
investigative reports, and correspondence.
Exemptions Claimed for the System:
Portions of this system are exempt under 5 U.S.C. 552a((j)(2),
(k)(1), and (k)(2).
DHS/CRCL 001
System name:
Civil Rights and Civil Liberties (CRCL) Matters
System location:
Office of Civil Rights and Civil Liberties, Department of
Homeland Security (DHS), Washington, DC 20528.
Categories of individuals covered by the system:
Persons who contact CRCL to allege abuses of civil rights and
civil liberties, or to allege racial or ethnic profiling by DHS, its
employees, contractors, grantees, or others acting under the
authority of the Department; persons alleged to be involved in civil
rights or civil liberties abuses or racial or ethnic profiling,
victims or witnesses to such abuse; third parties not directly
involved in the alleged incident, but identified as relevant persons
to an investigation; and DHS employees and contractors.
Identifying data contained in this information may include, but
is not limited to: The name of persons making a report; home or work
address, telephone number, e-mail address; social security number;
alien registration number; and other unique identifiers assigned to
the information.
Categories of records in the system:
Records in this system consist of complaints, comments,
investigative notes and memoranda, correspondence, evidentiary
documents and material, and reports relating to the resolution of
complaints. The system also contains similar information relating to
witnesses, persons involved in the alleged incident or other persons
with relevant information.
Authority for maintenance of the system:
6 U.S.C. 345; 44 U.S.C. 3101.
Purpose(s):
The purpose of this system is to allow the Officer for Civil
Rights and Civil Liberties and staff to maintain relevant information
necessary to review complaints or comments about alleged civil rights
or civil liberties violations, or racial or ethnic profiling tied to
the Department's activities. The system will also track and maintain
investigative files and records of complaint resolution and other
matters, and facilitate oversight and accountability of the
Department's civil rights and civil liberties complaint resolution
mechanisms.
Routine uses of these records maintained in the system, including
categories of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5
U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) To another federal agency with responsibility for labor or
employment relations or other matters, when that agency has
jurisdiction over matters reported to CRCL;
(2) Where a record, either on its face or in conjunction with
other information, indicates a violation or potential violation of
law (i.e. criminal, civil or regulatory) the relevant records may be
referred to an appropriate Federal, state, territorial, tribal,
local, international, or foreign agency law enforcement agency or
other appropriate authority charged with investigating or prosecuting
such a violation or enforcing or implementing such law;
(3) To an organization or individual in either the public or
private sector, either foreign or domestic, where there is a reason
to believe that the recipient is or could become the target of a
particular terrorist activity or conspiracy, to the extent the
information is relevant to the protection of life or property;
(4) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains;
(5) To a former employee of the Department for purposes of:
responding to an official inquiry by a federal, state, or local
government entity or professional licensing authority, in accordance
with applicable Department regulations; or facilitating
communications with a former employee that may be necessary for
personnel-related or other official purposes where the Department
requires information and/or consultation assistance from the former
employee regarding a matter within that person's former area of
responsibility;
(6) To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
government, when necessary to accomplish an agency function related
to this system of records;
(7) To the National Archives and Records Administration, or other
federal government agencies pursuant to records management operations
conducted under the authority of 44 U.S.C. 2904 and 2906;
(8) To the Department of Justice or other federal agency
conducting litigation or in proceedings before any court,
adjudicative or administrative body, when (a) DHS, or (b) any
employee of DHS in his/her official capacity, or (c) any employee of
DHS in his/her individual capacity where DOJ or DHS has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and DHS determines that disclosure is relevant and
necessary to the litigation.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are stored in an electronic database or paper media
and may include physical objects as exhibits.
Retrievability:
Information may be retrieved by name, incident code, unique
personal identifier, or other identifying data.
Safeguards:
Records are stored in a secure, guarded, facility, at which a
badge must be shown to enter. The storage area is locked when not
attended by CRCL personnel. Electronic records are maintained in
accordance with DHS security policies contained in the DHS
Information Technology Security Program Handbook and the DHS
Sensitive Systems Handbook. Electronic records are password-protected
and can only be accessed from a DHS work station. All CRCL personnel
are briefed prior to gaining initial access and annually thereafter.
Retention and disposal:
These records are governed by General Records Schedule 1, Item 25
and will be retained and disposed of in accordance with that
schedule.
System manager(s) and address:
Officer for Civil Rights and Civil Liberties, U.S. Department of
Homeland Security, Washington, DC 20528.
Notification procedure:
Address inquiries to the System Manager named above.
Record access procedure:
A request for access to records in this system may be made by
writing to the System Manager, identified above, in conformance with
6 CFR Part 5, Subpart B, which provides the rules for requesting
access to Privacy Act records maintained by DHS.
Contesting record procedure:
Same as ``Records access procedure.''
Record source categories:
Information in this system of records is obtained from
correspondence, telephone calls, e-mails, facsimiles, or other means
of reporting allegations of civil rights or civil liberties abuses,
or racial or ethnic profiling.
Exemptions claimed for the system:
Certain portions of CRCL's files containing information relating
to ongoing criminal investigations or national security activities
may be exempt from disclosure pursuant to 5 U.S.C. 552a(k)(1), (k)(2)
and (k)(5).
DHS/ICE 001
System name:
Department of Homeland Security (DHS), United States Immigration
and Customs Enforcement (ICE), Student and Exchange Visitor
Information System (SEVIS).
System location:
SEVIS is an electronic system. The hardware for the system is
physically housed in a government-secured facility located in
Rockville, Maryland and at a contingency site. The system is
accessible via Internet or Intranet by DHS offices at Headquarters,
Regional and District offices, Service Centers, sub-offices, Ports-
of-Entry and foreign offices. The system is also accessible via
Internet by designated school officials and responsible officers of
exchange visitor programs that input information on students and
exchange visitors into the system. Additionally, the system is
accessed directly by DHS approved elements of Department of State
(DoS) and by the Federal Bureau of Investigation (FBI).
Categories of individuals covered by the system:
SEVIS contains information on nonimmigrants who have applied for
and been granted F-1, M-1 and J-1 visas to enter the United States as
students or exchange visitors and their dependents who have been
granted F-2, M-2, and J-2 visas.\1\ Some of the individuals whose
information is contained in SEVIS may become United States citizens
or legal permanent residents. SEVIS also contains records relating to
the certified schools, designated sponsors, as well as individual
hosts of students and exchange visitors in the United States.
---------------------------------------------------------------------------
\1\ F nonimmigrants are foreign students pursuing a full course of
study in a college, university, seminary, conservatory, academic high
school, private elementary school, other academic institution, or
language training program in the United States that has been approved
to enroll foreign students. J nonimmigrants are foreign nationals who
have been selected by a sponsor designated by the DoS to participate
in an exchange visitor program in the United States. M nonimmigrants
are foreign students who are pursuing a full course of study in a
vocational school or other recognized nonacademic institution in the
United States that has been certified to enroll foreign students.
---------------------------------------------------------------------------
Categories of records in the system:
SEVIS contains biographical information relating to students and
exchange visitors including name, date and place of birth, country of
citizenship, current address where the student/exchange visitor and
his or her dependents physically reside, current academic status,
date of commencement of studies, degree program and field of study,
whether the student has been certified for practical training, and
the beginning and end dates of certification, termination date and
reason, number of credits (if known) completed each semester, and
information from the Certificate of Eligibility, Forms I-20 or DS-
2019. SEVIS also maintains records on the DHS certified schools and
DoS designated sponsors in the United States that host F, M and J
nonimmigrants, which includes certified school/designated sponsor
name, status, address, course of study or program costs, Designated
School Official/Responsible Officer contact information, and programs
and/or courses of study. Certified schools are those public/private
educational institutions that have been approved by DHS to accept
nonimmigrant F and M visa category students. Designated sponsors are
those government and non-government organizations/agencies/
institutions that have been designated by DoS to administer one or
more J visa category nonimmigrant exchange visitor programs.
Authority for maintenance of the system:
Public Law 107-173, Enhanced Border Security and Visa Entry
Reform Act of 2002; Public Law, 107-56, USA PATRIOT Act; Public Law
104-208, Illegal Immigration Reform and Immigrant Responsibility Act
(IIRIRA) of 1996; the Immigration and Nationality Act (INA), as
amended; 8 CFR part 214 and 22 CFR part 514.
PURPOSE (S) OF THE SYSTEM:
SEVIS is a system of records tracking F, M and J nonimmigrants
and their dependents during their stay in the United States. It
enables the Secretary of Homeland Security to monitor the progress
and status of lawfully admitted F, M, and J visa category
nonimmigrants residing in the United States, and to analyze all the
information gathered for purposes of homeland security, law
enforcement, immigration control and other mission-related functions.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5
U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To appropriate Federal, State, local, foreign, international
or tribal government agencies or organizations that are lawfully
engaged in collecting law enforcement intelligence information
(whether civil or criminal) and/or charged with investigating,
prosecuting, enforcing or implementing civil and/or criminal laws,
related rules, regulations or orders, to enable these entities to
carry out their law enforcement responsibilities.
B. To an attorney or representative who is acting on behalf of an
individual covered by this system of records for use in any
proceeding before the Executive Office for Immigration Review.
C. To a Congressional office from the record of an individual in
response to an inquiry from that Congressional office made at the
request of the individual to whom the record pertains.
D. To the National Archives and Records Administration or other
federal government agencies pursuant to records management
inspections being conducted under the authority of 44 U.S.C. Sections
2904 and 2906.
E. To the Department of Justice or other federal agency
conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) DHS, or (b) any
employee of DHS in his/her official capacity, or (c) any employee of
DHS in his/her individual capacity where DOJ or DHS has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation.
F. To contractors, grantees, experts, consultants, volunteers,
and others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
government, when necessary to accomplish an agency function related
to this system of records.
G. To a former employee of the Department for purposes of:
responding to an official inquiry by a federal, state, or local
government entity or professional licensing authority, in accordance
with applicable Department regulations; or facilitating
communications with a former employee that may be necessary for
personnel-related or other official purposes where the Department
requires information and/or consultation assistance from the former
employee regarding a matter within that person's former area of
responsibility.
H. To an agency, organization, or individual for the purposes of
performing authorized audit or oversight operations.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The information in the system is maintained in an automated
database in electronic format. A record, or any part thereof, may be
printed and stored in the applicant's alien file (A-file.) \2\
---------------------------------------------------------------------------
\2\ The system notice for the A-file is JUSTICE/INS-001A, last
published in the Federal Register on September 7, 2001 (66 FR 46812).
---------------------------------------------------------------------------
Retrievability:
DHS indexes and will retrieve SEVIS records by a number of data
elements relating to the students and exchange visitors contained in
the system including the name, unique SEVIS identification number
assigned to the subject, and date of birth. Records on DHS certified
schools and DoS designated sponsors can be retrieved by similar data
elements relating to the respective institution or organization.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules, and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know, using locks, and
password protection identification features. The system is also
protected through a multi-layer security approach. The protective
strategies are physical, technical, administrative and environmental
in nature and provide access control to sensitive data, physical
access control to DHS facilities, confidentiality of communications,
authentication of sending parties, and personnel screening to ensure
that all personnel with access to data are screened through
background investigations commensurate with the level of access
required to perform their duties. SEVIS was specifically designed to
be accessed by non-government users (certified schools and designated
sponsors) so they could create the records and populate the database.
Specific safeguards have been put in place to ensure the integrity of
the school certification, sponsor designation, and ID/password
issuance/access processes.
Retention and disposal:
The National Archives and Records Administration (NARA) approved
a retention schedule for SEVIS records, N1-563-04-1, on February 11,
2004. Under this retention schedule, four types of data files are
retained for SEVIS: (1) Batch data temporary files (containing
student records) are retained for a period not to exceed one year.
These files are held temporarily on a server within the DoJ data
center; (2) student/ exchange visitor data files residing in SEVIS
are backed-up daily and retained/archived for 75 years; (3) certified
school and designated sponsor data files residing in SEVIS proper are
backed-up daily and retained/archived for 75 years; and (4) beta test
files are retained for 60 days on-line. For historical purposes, and
because specific immigration law enforcement or benefit case file
research can span decades, DHS/ICE maintains SEVIS records in
accordance with the above disposition schedule for their entire 75-
year retention period. If the data becomes too large it will be
copied onto electronic media and stored at the DOJ Data Center in
Rockville, MD or Dallas, TX. At the end of the retention period,
files are electronically expunged from fileservers and Compact Disks
(CDs) through degaussing, a method of erasing magnetic media and the
removal of remnants of previously recorded signals.
System manager(s) and address:
SEVIS Program Manager, Student and Exchange Visitor Program
(SEVP), 800 K Street, NW., Suite 1000, Washington, DC 20536.
NOTIFICATION PROCEDURES:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedures:
Requests for access must be in writing and should be addressed to
the System Manager above, the ICE FOIA office, or DHS Privacy Office.
Requests should conform to the requirements of 6 CFR part 5, Subpart
B, which provides the rules for requesting access to Privacy Act
records maintained by DHS. The envelope and letter should be clearly
marked ''Privacy Act Access Request.'' The request should include a
general description of the records sought and must include the
requester's full name, current address, and date and place of birth.
The request must be signed and either notarized or submitted under
penalty of perjury. Some information may be exempt from access
provisions as described in the section entitled ``Systems Exempted
from Certain Provisions of the Act.'' An individual who is the
subject of a record in this system may access those records that are
not exempt from disclosure. A determination whether a record may be
accessed will be made at the time a request is received.
Contesting record procedures:
Same as ``Notification Procedures'' and ``Record Access
Procedures,'' above.
Record source categories:
Information in this system is obtained from DHS certified schools
and DOS designated exchange visitor program sponsors, which provide
information on their nonimmigrant students and exchange visitors. The
certified schools and designated sponsors collect the required
information from individual applicants and enter that data into
SEVIS. Additional information is collected on nonimmigrant students
and exchange visitors when they enter or exit the United States. This
information is provided to SEVIS via system interfaces. Throughout
the individual's stay in the United States, Designated School
Officials (DSOs) and Responsible Officials (ROs) at the certified
schools and designated sponsors are required to update SEVIS with
current information on the F, M, and J nonimmigrants.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Certain portions or all of these records may be exempt from
disclosure pursuant to 5 U.S.C. 552a(k)(2).
DHS/ICE CBP-001-03
System name:
Arrival and Departure Information System (ADIS).
System location:
Department of Homeland Security (DHS) field offices for the U.S.
Immigration and Customs Enforcement (ICE), Bureau of Customs and
Border Protection (CBP), and the U.S. Citizenship and Immigration
Services (USCIS); Service Centers; Border Patrol Sectors (including
all offices under their jurisdiction); Ports of Entry; Asylum offices
and other offices as detailed in DHS-DS-999, last published in the
Federal Register on October 17, 2002 (67 FR 64136) and on the web
page of each bureau (i.e., http://www.bice.immigration.gov, http://
www.bcbp.gov, and http://www.uscis.immigration.gov); Office of
National Risk Assessment (ONRA).
Categories of individuals covered by the system:
The ADIS database contains arrival/departure, biographic and
biometric indicator information on immigrants and nonimmigrants
entering and departing the United States. The ADIS database contains
biographic arrival/departure information on legal permanent
residents. Although this system primarily consists of immigrants,
nonimmigrants and Lawful Permanent Residents, some of them may change
status and become Lawful Permanent Residents and U.S. citizens. For
the purposes of the U.S. Visitor Immigrant Status Indicator
Technology (US-VISIT) program, non-U.S. citizens who present
themselves for entry into and/or exit from the United States
including individuals subject to the requirements and processes of
US-VISIT are included in ADIS. Individuals covered under US-VISIT
include those who are not U.S. citizens or Lawful Permanent Residents
at the time of entry or exit or are U.S. citizens or Lawful Permanent
Residents who have not identified themselves as such at the time of
entry or exit.
Categories of records in the system:
The ADIS database is a centralized application designed to
create, update and report immigrants' and nonimmigrants' arrivals and
departures to and from the United States. The system also contains
biographic, biometric indicator and address information.
Authority for maintenance of the system:
8 U.S.C. 1365a.
Purpose(s):
This system of records is established and maintained to enable
DHS to carry out its assigned national security, law enforcement,
immigration control, national security and other mission-related
functions and to provide associated management reporting, planning
and analysis. Specifically, the ADIS database is a system of records
tracking immigrants, nonimmigrants and Lawful Permanent Residents
arriving in and departing from the United States. It enables the
Secretary of Homeland Security to identify, through on-line searching
procedures, lawfully admitted nonimmigrants who remain in the United
States beyond the period of authorized stay, and to analyze
information gathered for the purpose of this and other DHS programs.
In addition to arrival and departure information, each record also
provides complete name, date of birth, nationality, gender, passport
number and country of issuance, country of residence, U.S. visa
number including date and place of issuance if applicable, alien
registration number if applicable, immigration status, complete
address while in the United States, and Fingerprint Identification
Number System (FINS) number. The system assists the DHS in supporting
immigration inspection at POEs by providing quick retrieval of
biographic and biometric indicator data on individuals who may be
inadmissible to the United States. Furthermore, the system interfaces
with the Student and Exchange Visitor Information System (SEVIS), the
Computer Linked Applications Information Management System (CLAIMS),
the Passenger Processing Component of the Treasury Enforcement
Communications System (TECS) and the Automated Fingerprint
Identification System (IDENT). It facilitates the investigation
process of individuals who may have violated their immigration
status.
Routine uses of records maintained in the System Including
Categories of Users and Purpose of Such Uses:
Relevant information contained in this system of records may be
disclosed as follows:
A. To appropriate government agencies or organizations(regardless
of whether they are Federal, State, local, foreign, or tribal),
lawfully engaged in collecting law enforcement intelligence
information (whether civil or criminal) and/or charged with
investigating, prosecuting, enforcing or implementing civil and/or
criminal laws, related rules, regulations or orders, to enable these
entities to carry out their law enforcement responsibilities.
B. To an attorney or representative who is acting on behalf of an
individual covered by this system of records as defined in 8 CFR
1.1(j) in any proceeding before the Executive Office for Immigration
Review.
C. In a proceeding before a court, grand jury, or adjudicative
body when records are determined by the Department of Homeland
Security to be arguably relevant to the proceeding where any of the
following is a party: (1) The DHS, or any DHS component, or
subdivision thereof; (2) any DHS employee in his or her official
capacity; (3) any DHS employee in his or her individual capacity when
the DHS has agreed to represent the employee or has authorized a
private attorney to represent him or her; and (4) the United States,
where the DHS or its components are likely to be affected.
D. To a member of Congress or staff acting on the Member's behalf
when the Member or staff requests the information on behalf of and at
the request of the individual who is the subject of the record.
E. To the General Service Administration and the National
Archives and Records Administration (NARA) in records management
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
F. To the news media and the public when there exists a
legitimate public interest in the disclosure of the information or
when disclosure is necessary to preserve confidence in the integrity
of the Department or is necessary to demonstrate the accountability
of the Department's officers, employees, or individuals covered by
the system, except to the extent it is determined that release of the
specific information in the context of a particular case would
constitute an unwarranted invasion of personal privacy.
G. To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
government, when necessary to accomplish an agency function related
to this system of records.
H. To a former employee of the Department for purposes of
responding to an official inquiry by a Federal, State, or local
government entity or professional licensing authority in accordance
with applicable Department regulations, or facilitating
communications with a former employee that may be necessary for
personnel-related or other official purposes where the Department
requires information and/or consultation assistance from the former
employee regarding a matter within that person's former area of
responsibility.
I. To a Federal, State, tribal, local or foreign government
agency in response to its request, in connection with the hiring or
retention by such agency of an employee, the issuance of a security
clearance, the reporting of an investigation of such an employee, the
letting of a contract, or the issuance of a license, grant, loan or
other benefit by the requesting agency, to the extent that the
information is relevant and necessary to the requesting agency's
decision on the matter.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system
Storage:
These records are stored in a central computer database.
Retrievability:
These records may be searched on a variety of data elements
including name, place and date of entry or departure, country of
citizenship, admission number, and FINS number used to track the
particular fingerprints.
Safeguards:
The system is protected through a multi-layer security approach.
The protective strategies are physical, technical, administrative and
environmental in nature and provide access control to sensitive data,
physical access control to DHS facilities, confidentiality of
communications, authentication of sending parties, and personnel
screening to ensure that all personnel with access to data are
screened through background investigations commensurate with the
level of access required to perform their duties.
Retention and disposal:
Records will be retained for 100 years. This policy proposal for
retention and disposal of records in the ADIS database is pending
approval by the NARA.
System manager(s) and address:
Program Manager, ADIS Program Management Office, 1616 North Fort
Myer Drive, Arlington, VA 22209.
Notification procedure:
Address inquiries to the system manager identified above.
Records Access Procedure:
Since the Privacy Act applies to only U.S. citizens and legal
permanent residents, this notice covers only U.S. citizens and Lawful
Permanent Residents whose information is contained in this system.
Make all requests for access in writing and by mail to the system
manager noted above. The envelope and letter shall be clearly marked
Privacy Access Request. Include a description of the general subject
matter, the related file number if known, and any other identifying
information which may be of assistance in locating the record. To
identify a record, the requester should provide his or her full name,
date and place of birth, verification of identity in accordance with
8 CFR 103.21(b). The requester shall also provide a return address
for transmitting the records to be released.
Contesting records Procedures:
The following procedures cover only U.S. citizens and Lawful
Permanent Residents whose information is contained in this system.
U.S. citizens and Lawful Permanent Residents who wish to contest or
seek amendment of their records should direct a written request to
the system manager. The request should include the requestor's full
name, current address and date of birth, a copy of the record in
question, and a detailed explanation of the change sought. If the
matter cannot be resolved by the system manager, further appeal for
resolution may be made to the DHS Privacy Office.
Record source categories:
Basic information is obtained from individuals, the individuals'
attorney or representative, DHS and DOS officials, and other Federal,
State, and local officials.
Systems exempted from certain provisions of the act:
The Secretary of Homeland Security has exempted this system from
subsections (c)(3) and (4), (d), (e)(1), (2), and (3), (e)(4)(G) and
(H), (e)(5) and (8), and (g) of the Privacy Act pursuant to 5 U.S.C.
552a(j)(2). In addition, the Secretary of Homeland Security has
exempted portions of this system from subsections (c)(3), (d),
(e)(1), (e)(4)(G) and (H) of the Privacy Act pursuant to 5 U.S.C.
552a(k)(2). These exemptions apply only to the extent that records in
the system are subject to exemption pursuant to 5 U.S.C. 552a(j)(2)
and (k)(2).
DHS/ICE-CBP-CIS-001-03
System name:
Enforcement Operational Immigration Records (ENFORCE/IDENT).
System Locations:
Department of Homeland Security (DHS) field offices for the U.S.
Immigration and Customs Enforcement (ICE), Bureau of Customs and
Border Protection (CBP), and the U.S. Citizenship and Immigration
Services (USCIS); Service Centers; Border Patrol Sectors (including
all offices under their jurisdiction); Ports of Entry; Asylum offices
and other offices as detailed in DHS-DS-999, last published in the
Federal Register on October 17, 2002 (67 FR 64136) and on the Web
page of each bureau (i.e., www.bice.immigration.gov, www.bcbp.gov,
and www.uscis.immigration.gov); Office of National Risk Assessment
(ONRA).
Categories of individuals covered by the system:
Categories of individuals covered by this notice may include:
A. Individuals or entities who relate in any manner to
investigations, inspections, apprehensions, detentions, patrols,
removals, examinations, naturalizations, intelligence production,
legal proceedings or other operations that implement and enforce the
Immigration and Nationality Act (INA) (8 U.S.C. 1101 et seq.) and
related treaties, statutes, orders and regulations. Individuals who
are respondents, representatives, or witnesses in administrative,
civil penalty, or forfeiture proceedings, or defendants,
representatives or witnesses in criminal prosecution or extradition
proceedings.
B. Individuals who are obligors or representatives of obligors of
bonds posted.
C. Individuals in distress who are located during search and
rescue operations, and other immigration operations.
D. Individuals wanted by other law enforcement agencies,
including Federal, State, local, tribal, foreign and international or
individuals who are the subject of inquiries, lookouts, or notices by
another agency or a foreign government.
E. Individuals who apply for immigration benefits.
F. Non-U.S. citizens and Non-Lawful Permanent Residents who
present themselves for entry into and/or exit from the United States
including individuals subject to the requirements and processes of
US-VISIT. Individuals covered under US-VISIT include those who are
not U.S. citizens or Lawful Permanent Residents at the time of entry
or exit or who are U.S. citizens or Lawful Permanent Residents who
have not identified themselves as such at the time of entry or exit.
G. Nationals of countries that threaten to wage war, or are or
were at war with the United States, and individuals required to
register as agents of foreign governments in the United States.
Categories of records in the system:
These records may be paper, electronic and/or other record
material (e.g., video or audio tapes) and includes biographical data,
including but not limited to name, aliases, date of birth, phone
numbers, addresses, nationality; personal descriptive data; biometric
identifiers, including but not limited to fingerprints and
photographs; any materials, information or data related to the
subject individual's case, including but not limited to immigration
history, alien registration and other identification or record
numbers, criminal history, employment history, leads, witness
statements, identity documents, evidence, seized property and
contraband; investigative and operational reports, and intelligence
summaries.
Authority for maintenance of the system:
8 U.S.C. 1103; 8 U.S.C. 1225(d)(3); 8 U.S.C. 1324(b)(3); 8 U.S.C.
1357(a); and 8 U.S.C. 1360(b).
Purpose(s):
This system of records is established and maintained to enable
DHS to carry out its assigned national security, law enforcement,
immigration control, and other mission-related functions and to
provide associated management reporting, planning and analysis.
Specifically, this system of records assists in identifying,
investigating, apprehending, and/or removing aliens unlawfully
entering or present in the United States; preventing the entry of
inadmissible aliens into the United States; facilitating the legal
entry of individuals into the United States; recording the departure
of individuals leaving the United States; maintaining immigration
control; preventing aliens from obtaining benefits to which they are
not entitled; analyzing information gathered for the purpose of this
and other DHS programs; or identifying, investigating, apprehending
and prosecuting, or imposing sanctions, fines or civil penalties
against individuals or entities who are in violation of the
Immigration and Nationality Act (INA), or other governing orders,
treaties or regulations and assisting other Federal agencies to
protect national security and carry out other Federal missions.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Relevant information contained in this system of records may be
disclosed, within established confidentiality guidelines (e.g.,
asylum) as follows:
A. To the appropriate agency/organization/task force, regardless
of whether it is Federal, State, local, foreign, or tribal, charged
with the enforcement (e.g., investigation and prosecution) of a law
(criminal or civil), regulation, or treaty, of any record contained
in this system of records which indicates either on its face, or in
conjunction with other information, a violation or potential
violation of that law, regulation, or treaty.
B. To other Federal, State, tribal, and local government law
enforcement and regulatory agencies and foreign governments, and
individuals and organizations during the course of an investigation
or the processing of a matter, or during a proceeding within the
purview of the immigration and nationality laws, to elicit
information required by DHS to carry out its functions and statutory
mandates.
C. To an appropriate Federal, State, local, tribal, international
government agency in response to its request, in connection with the
hiring or retention by such an agency of an employee, the issuance of
a security clearance, the reporting of an investigation of such an
employee, the letting a contract, or the issuance of a license,
grant, loan, or other benefit by the requesting agency, to the extent
that the information is relevant and necessary to the requesting
agency's decision in the matter.
D. To an actual or potential party or to his or her attorney for
the purpose of negotiation or discussion on such matters as
settlement of the case or matter, or discovery proceedings.
E. To a Federal, State, tribal or local government agency to
assist such agencies in collecting the repayment or recovery of
loans, benefits, grants, fines, bonds, civil penalties, judgments or
other debts owed to them or to the United States Government, and/or
to obtain information that may assist DHS in collecting debts owed to
the United States government.
F. To the news media and the public when there exists a
legitimate public interest in the disclosure of the information or
when disclosure is necessary to preserve confidence in the integrity
of the Department or is necessary to demonstrate the accountability
of the Department's officers, employees, or individuals covered by
the system, except to the extent it is determined that release of the
specific information in the context of a particular case would
constitute an unwarranted invasion of personal privacy.
G. To a Member of Congress, or staff acting upon the Member's
behalf when the Member or staff requests the information on behalf of
and at the request of the individual who is the subject of the
record.
H. To the General Services Administration (GSA) and National
Archives and Records Administration (NARA) in records management
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
I. To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the Federal
Government, when necessary to accomplish an agency function related
to this system of records.
J. To a former employee of the Department for purposes of:
responding to an official inquiry by a federal, state, or local
government entity or professional licensing authority, in accordance
with applicable department regulations; or facilitating
communications with a former employee that may be necessary for
personnel-related or other official purposes where the Department
requires information and/or consultation assistance from the former
employee regarding a matter within that person's former area of
responsibility.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information can be stored in case file folders, cabinets, safes,
or a variety of electronic or computer databases and storage media.
Retrievability:
Records may be retrieved by name; identification numbers
(including but not limited to alien number, fingerprint
identification number, etc.); case related data and/or combination of
other personal identifiers such as date of birth, nationality, etc.
Safeguards:
The system is protected through multi-layer security mechanisms.
The protective strategies are physical, technical, administrative and
environmental in nature and provide access control to sensitive data,
physical access control to DHS facilities, confidentiality of
communications, authentication of sending parties, and personnel
screening to ensure that all personnel with access to data are
screened through background investigations commensurate with the
level of access required to perform their duties.
Retention and disposal:
The following proposal for retention and disposal is pending
approval with NARA:
Records that are stored in an individual's file will be purged
according to the retention and disposition guidelines that relate to
the individuals file (DHS/ICE/BCIS-001A). Electronic records for
which the statute of limitations has expired for all criminal
violations and that are older than 75 years will be purged.
Fingerprint cards, created for the purpose of entering records in the
database, will be destroyed after data entry. The I-877, and copies
of supporting documentation, which are created for the purpose of
special alien registration back-up procedures, will be destroyed
after data entry. Work Measurement Reports and Statistical Reports
will be maintained within the guidelines set forth in NCI-95-78-5/2
and NCI-85-78-1/2 respectively. Finally, user manuals are retained
for the life of the system or until changes are made to the system,
which ever comes first, and then destroyed.
System manAGER AND ADDRESS:
Program Manager, ENFORCE/IDENT Program Management Office, 1616
North Fort Myer Drive, Arlington, VA 22209.
Notification procedure:
Inquiries should be addressed to the FOIA/PA officer at the
office where the record is maintained or to the Chief, Information
Disclosure Mission Support, Office of Investigations at 425 I Street,
NW, Washington, DC 20536.
Comment to Department's Privacy Office Procedure:
Comments to the Department's Privacy Office should include the
notice number as the subject line of email or letter and be addressed
to [email protected] or Privacy Office, DHS, Washington, DC 20528.
RECORD ACCESS PROCEDURE:
The major part of this system is exempted from this requirement
pursuant to 5 U.S.C. 552a (j)(2) and (k)(2). To the extent that this
system of records is not subject to exemption, it is subject to
access. A determination as to the granting or denial of access shall
be made at the time a request is received. Requests for access to
records in this system must be in writing, and should be addressed to
the System Manager noted above or to the appropriate FOIA/PA Officer.
Such request may be submitted either by mail or in person. The
envelope and letter shall be clearly marked ``Privacy Access
Request.'' To identify a record, the record subject should provide
his or her full name, date and place of birth; if appropriate, the
date and place of entry into or departure from the United States;
verification of identity (in accordance with 8 CFR 103.21(b) and/or
pursuant to 28 U.S.C. 1746, make a dated statement under penalty of
perjury as a substitute for notarization), and any other identifying
information that may be of assistance in locating the record. He or
she shall also provide a return address for transmitting the records
to be released.
Contesting record procedures:
The major part of this system is exempted from this requirement
pursuant to 5 U.S.C. 552a (j)(2) and (k)(2). To the extent that this
system of records is not subject to exemption, it is subject to
access and contest. A determination as to the granting or denial of a
request shall be made at the time a request is received. An
individual desiring to request amendment of records maintained in
this system should direct his or her request to the System Manager of
the appropriate office that maintains the record or (if unknown) to
the appropriate FOIA/PA Officer at each bureau. The request should
state clearly what information is being contested, the reasons for
contesting it, and the proposed amendment to the information.
Record source categories:
Basic information contained in this system is supplied by
individuals covered by this system, and other Federal, state, local,
tribal, or foreign governments; private citizens, public and private
organizations.
Systems exempted from certain provisions of the act:
The Secretary of Homeland Security has exempted this system from
subsections (c)(3) and (4), (d), (e)(1), (2), and (3), (e)(4)(G) and
(H), (e)(5) and (8), and (g) of the Privacy Act pursuant to 5 U.S.C.
552a (j)(2). In addition, the Secretary of Homeland Security has
exempted portions of this system from subsections (c)(3), (d),
(e)(1), (e)(4)(G) and (H) of the Privacy Act pursuant to 5 U.S.C.
552a (k)(2). These exemptions apply only to the extent that records
in the system are subject to exemption pursuant to 5 U.S.C. 552a
(j)(2) and (k)(2).
Dated: December 8, 2003.
Nuala O'Connor Kelly,
Chief Privacy Officer.
DHS/TSA 001
System name:
Transportation Security Enforcement Record System (TSERS).
Security classification:
Classified, sensitive.
System location:
Records are maintained in the Office of Chief Counsel and in the
Office of the Assistant Administrator for Aviation Operations,
Transportation Security Administration (TSA) Headquarters in
Arlington, Virginia. Records will also be maintained at the various
TSA field offices.
Categories of individuals covered by the system:
Owners, operators, and employees in all modes of transportation
for which TSA has security-related duties; witnesses; passengers
undergoing screening of their person or property; individuals against
whom investigative, administrative, or legal enforcement action has
been initiated for violation of certain Transportation Security
Administration Regulations (TSR), relevant provisions of 49 U.S.C.
Chapter 449, or other laws; individuals being investigated or
prosecuted for violations of criminal law; and individuals who
communicate security incidents, potential security incidents, or
otherwise suspicious activities.
Categories of records in the system:
Information related to the screening of passengers and property
and the investigation or prosecution of any alleged violation,
including name of and demographic information about alleged violators
and witnesses; place of violation; Enforcement Investigative Reports
(EIRs); security incident reports, screening reports, suspicious-
activity reports and other incident or investigative reports;
statements of alleged violators and witnesses; proposed penalty;
investigators' analyses and work papers; enforcement actions taken;
findings; documentation of physical evidence; correspondence of TSA
employees and others in enforcement cases; pleadings and other court
filings; legal opinions and attorney work papers; and information
obtained from various law enforcement or prosecuting authorities
relating to the enforcement of criminal laws.
Authority for maintenance of the system:
49 U.S.C. 114(d), 44901, 44903, 44916, 46101, 46301.
Purpose(s):
The records are created in order to maintain a civil enforcement
and inspections system for all modes of transportation for which TSA
has security related duties and to maintain records related to the
investigation or prosecution of violations or potential violations of
federal, state, local, or international criminal law. They may be
used, generally, to identify, review, analyze, investigate, and
prosecute violations or potential violations of transportation
security laws or other laws as well as to identify and address
potential threats to transportation security. They may also be used
to record the details of TSA security-related activity, such as
passenger or baggage screening.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to (a) ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence
or law enforcement information related to transportation security;
(d) assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at
airports and other transportation facilities; (f) plan and coordinate
any actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, certificate,
contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency regarding individuals
who pose or are suspected of posing a risk to transportation or
national security.
(4) To contractors, grantees, experts, consultants, or other like
persons when necessary to perform a function or service related to
this system of records for which they have been engaged. Such
recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(5) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(7) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(8) To third parties during the course of an investigation into
violations or potential violations of transportation security laws to
the extent necessary to obtain information pertinent to the
investigation.
(9) To airport operators, aircraft operators, and maritime and
land transportation operators about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities when relevant to such employment,
application, contract, or the issuance of such credentials or
clearances.
(10) To the Department of Justice (DOJ) or other Federal agency
in the review, settlement, defense, and prosecution of claims,
complaints, and lawsuits involving matters over which TSA exercises
jurisdiction or when conducting litigation or in proceedings before
any court, adjudicative or administrative body, when: (a) TSA, or (b)
any employee of TSA in his/her official capacity, or (c) any employee
of TSA in his/her individual capacity where DOJ or TSA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(11) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(12) To the National Archives and Records Administration or other
appropriate Federal agency in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(13) To any agency or instrumentality charged under applicable
law with the protection of the public health or safety under exigent
circumstances where the public health or safety is at risk.
(14) To the Department of Justice, United States Attorney's
Office, or other appropriate Federal agency for further collection
action on any delinquent debt when circumstances warrant, or to a
debt collection agency for the purpose of debt collection.
(15) With respect to members of the armed forces who may have
violated aviation security or safety requirements, disclose the
individual's identifying information and details of their travel on
the date of the incident in question to the appropriate branch of the
armed forces to the extent necessary to determine whether the
individual was performing official duties at the time of the
incident. Members of the armed forces include active duty and reserve
members, and members of the National Guard. This routine use is
intended to permit TSA to determine whether the potential violation
must be referred to the appropriate branch of the armed forces for
action pursuant to 49 U.S.C. 46101(b).
(16) To airport operators, aircraft operators, and/or maritime
and land transportation operators when appropriate to address a
threat or potential threat to transportation security, or when
required for administrative purposes related to the effective and
efficient administration of transportation security laws.
Disclosure to consumer reporting agencies:
Pursuant to 5 U.S.C. 552a(b)(12), disclosures may be made from
this system to consumer reporting agencies collecting on behalf of
the United States Government.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper and in computer-accessible
storage media. Records are also stored on microfiche and roll
microfilm.
Retrievability:
Records are retrieved by name, address, social security account
number, administrative action or legal enforcement numbers, or other
assigned identifier of the individual on whom the records are
maintained.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who also have a need-to-know; using locks, alarm
devices, and passwords; and encrypting data communications. Strict
control measures are enforced to ensure that access to classified
and/or sensitive information in these records is also based on ``need
to know.'' Electronic access is limited by computer security measures
that are strictly enforced. TSA file areas are locked after normal
duty hours and the facilities are protected from the outside by
security personnel.
Retention and disposal:
National Archives and Records Administration approval is pending
for the records in this system. Once approved, paper records and
information stored on electronic storage media are to be maintained
within TSA for five years and then forwarded to Federal Records
Center. Records are destroyed after ten years.
System manager and address:
Information Systems Program Manager, Office of the Chief Counsel,
TSA Headquarters, TSA-2, 601 South 12th Street, Arlington, VA 22202-
4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedures'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedures:
Same as ``Notification Procedure'' and ``Record Access
Procedure,'' above.
Record source categories:
Information contained in this system is obtained from the alleged
violator, TSA employees or contractors, witnesses to the alleged
violation or events surrounding the alleged violation, other third
parties who provided information regarding the alleged violation,
state and local agencies, other Federal agencies, and law enforcement
authorities.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and
(k)(2). Portions of the system pertaining to investigations or
prosecutions of violations of criminal law are exempt under 5 U.S.C.
552a(j)(2).
DHS/TSA 002
System name:
Transportation Security Threat Assessment System (T-STAS).
Security classification:
Classified, Sensitive.
System location:
Records are maintained at the offices of the Transportation
Security Administration (TSA) Headquarters in Arlington, Virginia.
Some records may also be maintained at the offices of TSA
contractors, or in TSA field offices.
Categories of individuals covered by the system:
Individuals who are required to undergo a security threat
assessment or employment investigation in order to obtain access to
the following: Transportation infrastructure or assets, such as
terminals, facilities, pipelines, railways, mass transit, vessels,
aircraft, or vehicles; restricted airspace; passenger baggage; cargo;
or transportation-related instruction or training (such as flight
training). This includes but is not limited to the following
individuals:
(a) Individuals who require or seek access to airport secured,
sterile, or a Security Identification Display Area (SIDA); have or
seek unescorted access authority to these areas; have or seek
authority to grant others unescorted access to these areas; have or
seek regular escorted access to these areas; or are seeking
identification that is evidence of employment at the airport.
(b) Individuals who have or are seeking responsibility for
screening passengers or carry-on baggage, and those persons serving
as immediate supervisors and the next supervisory level to those
individuals, other than employees of the TSA who perform or seek to
perform these functions.
(c) Individuals who have or are seeking responsibility for
screening checked baggage or cargo, and their immediate supervisors,
and the next supervisory level to those individuals, other than
employees of the TSA who perform or seek to perform these functions.
(d) Individuals who have or are seeking the authority to accept
checked baggage for transport on behalf of an aircraft operator that
is required to screen passengers.
(e) Pilots, copilots, flight engineers, flight navigators,
airline personnel authorized to fly in the cockpit, relief or
deadheading crewmembers, cabin crew, and other flight crew for an
aircraft operator or foreign air carrier that is required to adopt
and carry out a security program.
(f) Flight crews and passengers who request waivers of temporary
flight restrictions (TFRs) or other restrictions pertaining to
airspace.
(g) Other individuals who are connected to the transportation
industry for whom TSA conducts security threat assessments to ensure
transportation security.
(h) Individuals who have or are seeking unescorted access to
cargo in the transportation system.
(i) Individuals who are owners, officers, or directors of an
indirect air carrier or a business seeking to become an indirect air
carrier.
(j) Aliens or other individuals designated by TSA who apply for
flight training or recurrent training.
(k) Individuals transported on all-cargo aircraft, including
aircraft operator or foreign air carrier employees and their family
members and persons transported for the flight.
Categories of records in the system:
TSA's system may contain any or all of the following information
regarding individuals covered by this system: (a) Full name
(including aliases or variations of spelling); (b) gender; (c)
current and historical contact information (including but not limited
to address information, telephone number, e-mail); (d) government
issued licensing or identification information (including but not
limited to social security number, pilot certificate information,
including number and country of issuance, and other licensing
information for modes of transportation); (e) date and place of
birth; (f) name and information including contact information and
identifying number (if any) of the airport, aircraft operator,
indirect air carrier, maritime or land transportation operator, or
other employer or entity that is employing the individual or
submitting the individual's information or sponsoring the
individual's background check/threat assessment; (g) physical
description, fingerprint and/or other biometric identifier and
photograph; (h) date, place, and type of flight training or other
instruction; (i) control number or other unique identification number
assigned to an individual or credential; (j) information necessary to
assist in tracking submissions, payments, and transmission of
records; (k) results of any analysis performed for security threat
assessments and adjudications; (l) other data as required by Form FD
258 (fingerprint card) or other standard fingerprint cards used by
the Federal government; (m) information provided by individuals
covered by this system in support of their application for an appeal
or waiver; (n) flight information, including crew status on board;
(o) travel document information (including but not limited to
passport information, including number and country of issuance, and
current and past citizenship information and immigration status, any
alien registration numbers, and any visa information); (p)
identification records obtained from the Federal Bureau of
Investigation (FBI), which are compilations of criminal history
record information pertaining to individuals who have criminal
fingerprints maintained in the FBI's Fingerprint Identification
Records System (FIRS); (q) data gathered from foreign governments or
entities that is necessary to address security concerns in the
aviation, maritime, or land transportation systems; (r) other
information provided by Federal, State, and local government agencies
or private entities; (s) The individual's level of access at an
airport; and (t) the individual's military service history.
Authority for maintenance of the system:
49 U.S.C. 114, 5103a, 40103(b)(3), 40113(a), 44903(b), 44936,
44939, 46105.
Purpose(s):
(a) Performance of security threat assessments and employment
investigations that Federal statutes and/or TSA regulations authorize
for the individuals identified in ``Categories of individuals covered
by the system,'' above.
(b) To assist in the management and tracking of the status of
security threat assessments and employment investigations.
(c) To permit the retrieval of the results of security threat
assessments and employment investigations, including criminal history
records checks and searches in other governmental, commercial, and
private data systems, performed on the individuals covered by this
system.
(d) To permit the retrieval of information from other terrorist-
related, law enforcement and Intelligence databases on the
individuals covered by this system.
(e) To track the fees incurred and payment of those fees by the
airport operators, aircraft operators, maritime and land
transportation operators, flight students, and others where
appropriate for services related to security threat assessments and
employment investigations.
(f) To facilitate the performance of security threat assessments
and other investigations that TSA may conduct to ensure
transportation security.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to: (a) Ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence
or law enforcement information related to transportation security;
(d) assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at
airports and other transportation facilities; (f) plan and coordinate
any actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, endorsement,
certificate, contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency regarding individuals
who pose or are suspected of posing a risk to transportation or
national security.
(4) To contractors, grantees, experts, consultants, volunteers,
or other like persons when necessary to perform a function or service
related to this system of records for which they have been engaged.
Such recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(5) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, endorsement,
contract, grant, waiver, credential, or other benefit.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, endorsement, contract,
grant, waiver, credential, or other benefit.
(7) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(8) To third parties during the course of a security threat
assessment, employment investigation, or adjudication of a waiver or
appeal request, to the extent necessary to obtain information
pertinent to the assessment, investigation, or adjudication.
(9) To airport operators, indirect air carriers, aircraft
operators, flight school operators, and maritime and land
transportation operators or contractors about individuals who are
their employees, job applicants, or contractors, or persons to whom
they issue identification credentials or grant clearances to secured
areas in transportation facilities, or provide flight training, when
relevant to such employment, application, contract, or the issuance
of such credentials, clearances, or acceptance for flight training.
(10) To a Federal, State, local, tribal, territorial, foreign, or
international agency so that TSA may obtain information to conduct
security threat assessments or employment investigations and to
facilitate any associated payment and accounting.
(11) To the Department of Justice (DOJ) or other Federal agency
in the review, settlement, defense, and prosecution of claims,
complaints, and lawsuits involving matters over which TSA exercises
jurisdiction or when conducting litigation or in proceedings before
any court, adjudicative or administrative body, when: (a) TSA, or (b)
any employee of TSA in his/her official capacity, or (c) any employee
of TSA in his/her individual capacity where DOJ or TSA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(12) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(13) To the National Archives and Records Administration or other
appropriate Federal agency pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
In electronic storage media and hard copy.
Retrievability:
Information can be retrieved by name, social security number,
identifying number of the submitting or sponsoring entity, other case
number assigned by TSA or other entity/agency, biometric, or a unique
identification number or any other identifying particular assigned or
belonging to the individual.
Safeguards:
All records are protected from unauthorized access through
appropriate administrative, physical, and technical safeguards. These
safeguards include some or all of the following: restricting access
to those authorized with a need-to-know; using locks, alarm devices,
and passwords; compartmentalizing databases; auditing software; and
encrypting data communications.
Retention and disposal:
National Archives and Records Administration approval is pending
for the records in this system.
System manager(s) and address:
Assistant Director for Compliance, Credentialing Program Office,
TSA-19, 601 S. 12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedure'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedure:
Same as ``Notification Procedure'' and ``Record Access
Procedure'' above.
Record source categories:
Information is collected from individuals subject to a security
threat assessment or employment investigation; from aviation,
maritime, and land transportation operators, flight schools, or other
persons sponsoring the individual; and any other persons, including
commercial entities, that may have information that is relevant or
necessary to the assessment or investigation. Information about
individuals is also used or collected from domestic and international
intelligence sources and other governmental, private, and public
databases. The sources of information in the criminal history records
obtained from the FBI are set forth in the Privacy Act system of
records notice ``JUSTICE/FBI-009.''
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and
(k)(2).
DHS/TSA 003
System name:
Employee Transportation Facilitation Records
Security classification:
Unclassified, sensitive.
System location:
Records are maintained in the Office of Real Estate Services, TSA
Headquarters in Arlington, Virginia; at various TSA field offices,
the DOT Headquarters Parking and Transit Office in Washington, DC;
and at a digital safe site managed by a government contractor.
Categories of individuals covered by the system:
Applicants or holders of parking permits, members of carpools and
vanpools, applicants for ridesharing information, applicants or
recipients of transit benefits, applicants or recipients of parking
subsidies issued under the Parking Information Payment System (PIPS).
Categories of records in the system:
Records of holders of parking permits; records of carpool and
vanpool members; records and reports of the status of rideshare
applications; applications and certifications of fare subsidy
recipients; records and reports of disbursements to fare subsidy
recipients; information collected related to the payment of parking
subsidies; records and reports of disbursements to parking subsidy
recipients; information necessary to establish direct debit payment
when appropriate. These records may include an individual's name,
title, social security number, duty station, commuter costs, method
of commute, subsidy amount, bank account information, and the
identities of other carpool members.
Authority for maintenance of the system:
5 U.S.C. 301; 49 U.S.C. 114; E.O. 13150; E.O. 9397.
Purpose(s):
Records are maintained to facilitate management of parking
resources, transportation resources and subsidy benefits, to create
and enlarge carpools and vanpools, to ensure employee eligibility for
any benefits received, to contact employees regarding matters related
to these programs, and to prevent the misuse of government resources.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To contractors, grantees, experts, consultants, or other like
persons when necessary to perform a function or service related to
this system of records for which they have been engaged. Such
recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(2) To transportation facility operators when necessary to
perform a function or service related to this system of records or to
determine program eligibility.
(3) To the Department of Transportation (DOT) or other Federal,
State, local, tribal, or territorial agencies when necessary to
perform a function or service related to this system of records or to
determine program eligibility, which may involve the use of an
authorized computer matching program.
(4) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(5) To the Department of Justice (DOJ) or other Federal agency in
the review, settlement, defense, and prosecution of claims,
complaints, and lawsuits involving matters over which TSA exercises
jurisdiction or when conducting litigation or in proceedings before
any court, adjudicative or administrative body, when: (a) TSA, or (b)
any employee of TSA in his/her official capacity, or (c) any employee
of TSA in his/her individual capacity where DOJ or TSA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(6) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(7) To the National Archives and Records Administration or other
appropriate Federal agency in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(8) To other Federal employees or persons voluntarily
participating in ridesharing programs only to the extent necessary
for the operation of these programs.
(9) To the Department of Justice, United States Attorney's
Office, or other Federal agencies for further collection action on
any delinquent debt when circumstances warrant, or to a debt
collection agency for the purpose of debt collection.
Disclosures to consumer reporting agencies:
Pursuant to 5 U.S.C. 552a(b)(12), disclosures may be made from
this system to consumer reporting agencies collecting on behalf of
the United States Government.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in hard copy or in electronic format on a
system database.
Retrievability:
Records are retrieved by name, address, social security number,
permit number, or other assigned identifier of the individual on whom
the records are maintained.
Safeguards:
Except for carpool listings, access is accorded only to parking
and fare subsidy management offices. Printouts of carpool listings
contain only name, agency, and work telephone number. Information in
this system is safeguarded in accordance with applicable laws, rules
and policies. All records are protected from unauthorized access
through appropriate administrative, physical, and technical
safeguards. Control measures are enforced to ensure that access to
sensitive information in these records, such as Social Security
Numbers, is based on a ``need to know.''
Retention and disposal:
Records in this system will be retained in accordance with a
schedule to be approved by the National Archives and Records
Administration.
System manager(s) and address:
Transportation Benefits Coordinator, Office of Real Estate
Services, TSA Headquarters, TSA-17, 601 South 12th Street, Arlington,
VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedure,'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedure:
Same as ``Notification Procedure'' and ``Record Access
Procedure,'' above.
Record source categories:
Information contained in this system is obtained from employees
participating in parking, ridesharing, and transit benefits programs,
from notifications from other Federal agencies in the program, and
from periodic certifications and reports regarding fare subsidies.
Exemptions claimed for the system:
None.
DHS/TSA 004
System name:
Personnel Background Investigation File System
Security classification:
Classified, Sensitive.
System location:
Records are maintained at the offices of the Transportation
Security Administration Headquarters located in Arlington, Virginia.
Some records may also be maintained at the offices of a TSA
contractor or in TSA field offices.
Categories of individuals covered by the system:
Current and former TSA employees, applicants for TSA employment,
and TSA contract employees.
Categories of records in the system:
The system contains an index reference record used to track the
status of an applicant's background investigation, Standard Form
85P--``Questionnaire For Public Trust Positions,'' investigative
summaries and compilations of criminal history record checks, and
administrative records and correspondence incidental to the
background investigation process.
Authority for maintenance of the system:
5 U.S.C. 3301, 3302; 49 U.S.C. 114, 44935; 5 CFR Parts 731, 732,
and 736; and Executive Orders 10450, 10577, and 12968.
Purpose(s):
The system will maintain investigative and background records
used to make suitability and eligibility determinations for the
individuals listed under ``Categories of individuals.''
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to (a) ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence
or law enforcement information related to transportation security;
(d) assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at
airports and other transportation facilities; (f) plan and coordinate
any actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, certificate,
contract, grant, or other benefit.
(2) Except as noted in Question 14 of the Questionnaire for
Public Trust Positions, to the appropriate Federal, State, local,
tribal, territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency regarding individuals
who pose or are suspected of posing a risk to transportation or
national security.
(4) To contractors, grantees, experts, consultants, or other like
persons when necessary to perform a function or service related to
this record for which they have been engaged. Such recipients shall
be required to comply with the Privacy Act, 5 U.S.C. 552a, as
amended.
(5) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(7) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(8) To third parties during the course of an investigation into
violations or potential violations of transportation security laws to
the extent necessary to obtain information pertinent to the
investigation.
(9) To airport operators, aircraft operators, and maritime and
land transportation operators about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities when relevant to such employment,
application, contract, or the issuance of such credentials or
clearances.
(10) To the Department of Justice (DOJ) or other Federal agency
in the review, settlement, defense, and prosecution of claims,
complaints, and lawsuits involving matters over which TSA exercises
jurisdiction or when conducting litigation or in proceedings before
any court, adjudicative or administrative body, when: (a) TSA, or (b)
any employee of TSA in his/her official capacity, or (c) any employee
of TSA in his/her individual capacity where DOJ or TSA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(11) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(12) To the National Archives and Records Administration or other
appropriate Federal agency in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper and in computer-accessible
storage media. Records are also stored on microfiche and roll
microfilm.
Retrievability:
Records are retrieved by name, address, and social security
account number or other assigned tracking identifier of the
individual on whom the records are maintained.
Safeguards:
Access to TSA working and storage areas is restricted to
employees on a ``need to know'' basis. Strict control measures are
enforced to ensure that access to these records is also based on
``need to know.'' Generally, TSA file areas are locked after normal
duty hours and the facilities are protected from the outside by
security personnel.
Retention and disposal:
Paper records and information stored on electronic storage are
destroyed upon notification of death or not later than 5 years after
separation or transfer of employee or no later than 5 years after
contract relationship expires, whichever is applicable.
System manager and address:
Director of Transportation Credentialing, TSA Headquarters, TSA-
19, 601 South 12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedure'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedure:
Same as ``Notification Procedure'' and ``Record Access
Procedure,'' above.
Record source categories:
Information contained in this system is obtained from the job
applicant on the Questionnaire For Public Trust Positions, law
enforcement and intelligence agency record systems, publicly
available government records and commercial databases.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and
(k)(5).
DHS/TSA 005
System name:
Internal Investigation Record System (IIRS)
Security classification:
Classified, sensitive.
System location:
Records are maintained in the Office of the Assistant
Administrator for Internal Affairs and Program Review and the Office
of the Assistant Administrator for Human Resources, Transportation
Security Administration (TSA) Headquarters in Arlington, Virginia.
Records may also be maintained at TSA's Office of Chief Counsel, the
Office of the Assistant Administrator for Aviation Operations, or at
various TSA field offices.
Categories of individuals covered by the system:
(a) Current and former TSA employees and current and former
consultants, contractors, and subcontractors with whom the agency has
done business, and their employees; (b) Witnesses, complainants, and
other individuals who have been identified as relevant to the
investigation; (c) Individuals who have been identified as relevant
to investigations of security-related incidents or reviews of TSA
programs and operations.
Categories of records in the system:
(a) Information relating to investigations conducted by TSA
regarding or relevant to covered individuals, including but not
limited to identifying information of relevant parties (e.g.,
subject, complainants, witnesses); correspondence; memoranda
(including legal opinions or advice provided by agency counsel);
statements and other information provided by investigation subjects,
complainants, witnesses, or others; details of security-related
incidents or alleged criminal, civil, or administrative misconduct,
or that are indicative of such misconduct; and records concerning an
individual's employment status or conduct while employed by TSA.
``Investigation'' may include action that is taken in response to
complaints or inquiries regarding covered individuals.
(b) Files and reports pertaining to investigations prepared by
the Office of Internal Affairs and Program Review or other TSA
offices, to include all related material such as exhibits,
statements, affidavits, records obtained during the course of the
investigation (including those obtained from other sources, such as
Federal, State, local, international, or foreign investigatory or law
enforcement agencies and other government agencies), and records
involving the disposition of the investigation and any resulting
agency action (e.g., criminal prosecutions, civil proceedings,
administrative action).
Authority for maintenance of the system:
49 U.S.C. 114.
Purpose(s):
(a) To facilitate and assist in the management, tracking, and
retrieval of investigations of allegations or appearances of
misconduct (and related incidents) of current or former TSA employees
or contractors and investigations of security-related incidents or
reviews of TSA programs and operations.
(b) To promote economy, efficiency, and effectiveness of the
Internal Investigation system, to conduct and supervise
investigations covered by this system, and to detect fraud and abuse
in the investigations program.
(c) To provide support for any adverse action or counseling that
may occur as a result of the findings of the investigation.
(d) To monitor case assignment, disposition, status, and results
of investigations.
(e) To permit the retrieval of investigation results performed on
the individuals covered in this system.
(f) To take action on or respond to a complaint or inquiry
concerning a TSA employee or contractor.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to (a) ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence
or law enforcement information related to transportation security;
(d) assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at
airports and other transportation facilities; (f) plan and coordinate
any actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, certificate,
contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency regarding individuals
who pose or are suspected of posing a risk to transportation or
national security.
(4) To contractors, grantees, experts, consultants, or other like
persons when necessary to perform a function or service related to
this system of records for which they have been engaged. Such
recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(5) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(7) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(8) To third parties during the course of an investigation into
violations or potential violations of transportation security laws to
the extent necessary to obtain information pertinent to the
investigation.
(9) To airport operators, aircraft operators, and maritime and
land transportation operators about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities when relevant to such employment,
application, contract, or the issuance of such credentials or
clearances.
(10) To the Department of Justice (DOJ) or other Federal agency
in the review, settlement, defense, and prosecution of claims,
complaints, and lawsuits involving matters over which TSA exercises
jurisdiction or when conducting litigation or in proceedings before
any court, adjudicative or administrative body, when: (a) TSA, or (b)
any employee of TSA in his/her official capacity, or (c) any employee
of TSA in his/her individual capacity where DOJ or TSA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(11) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(12) To the National Archives and Records Administration or other
appropriate Federal agency in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(13) To complainants to the extent necessary to provide such
persons with relevant information and explanations concerning the
progress and/or results of the investigation or case arising from the
matters about which they complained.
(14) To professional organizations or associations with which
individuals covered by this system of records may be affiliated, such
as law enforcement disciplinary authorities, to meet those
organizations' responsibilities in connection with the administration
and maintenance of standards of conduct and discipline.
(15) To airport operators, aircraft operators, and/or maritime
and land transportation operators when appropriate to address a
threat or potential threat to transportation security, or when
required for administrative purposes related to the effective and
efficient administration of transportation security laws.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
In electronic storage media and hard copy.
Retrievability:
Records may be retrieved by name, unique numbers assigned to the
matter, or other assigned tracking identifier of the individual on
whom the records are maintained.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
those authorized with a need to know and using locked cabinets,
alarms, and passwords. TSA file areas are locked after normal duty
hours and the facilities are protected from the outside by security
personnel.
Retention and disposal:
National Archives and Records Administration approval is pending
for the records in this system. The request states that paper records
and information stored on electronic storage media are maintained
within the Office of Internal Affairs and Program Review for 3 years
and then forwarded to the Federal Records Center. Records are
destroyed after 15 years. The disposition period for records
maintained in other offices is still under consideration.
System managers and addresses:
Management Analyst, Office of Internal Affairs and Program
Review, TSA Headquarters, TSA-13, 601 South 12th Street, Arlington,
VA 22202-4220.
Deputy Assistant Administrator for Operations, TSA Office of
Human Resources, TSA Headquarters, TSA-21, 601 South 12th Street,
Arlington, VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Managers identified above.
Record access procedure:
Same as ``Notification Procedure'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the records(s) may have been generated and, if
applicable the airport to which the covered individual was assigned
at the time of the conduct or incident under investigation.
Individuals requesting access must comply with the Department of
Homeland Security's Privacy Act regulations on verification of
identity (6 CFR 5.21(d)).
Contesting record procedure:
Same a ``Notification Procedure'' and ``Record Access
Procedure,'' above.
Record source categories:
Information maintained in this system is primarily obtained from
individuals associated with TSA investigations including
investigations of alleged misconduct of TSA employees or contractors
and investigations of security-related incidents or reviews of TSA
programs and operations. ``Individuals'' include TSA employees or
contractors, witnesses to the alleged violation or events surrounding
the alleged misconduct or other third parties who provided
information regarding the alleged misconduct and passengers or others
relevant to security-related incidents or reviews of TSA programs and
operations. Information may also be collected from documents such as
incident reports and audit reports, and from other sources, such as
law enforcement, financial institutions, employers, state and local
agencies, and other Federal agencies.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(j)(2),
(k)(1), and (k)(2).
DHS/TSA 006
System name:
Correspondence and Matters Tracking Records (CMTR)
Security classification:
Sensitive, Classified.
System location:
Records are maintained at Transportation Security Administration
(TSA) Office of the Executive Secretariat, TSA Headquarters in
Arlington, Virginia. Records may also be located at the Office of
Legislative Affairs, and the Office of the Ombudsman (which includes
the Consumer Response Center (CRC)), to the extent those offices
maintain matter tracking information. Records may also be maintained
in other offices at TSA Headquarters and at the various TSA field
offices.
Categories of individuals covered by the system:
To the extent not covered by any other system, this system covers
individuals who submit inquiries, comments, complaints, or claims to
TSA in writing, in person, or by telephone, for response and
resolution and those with any matter pending before TSA. This
includes TSA employees, Members of Congress and their staff, officers
and employees of other Executive branch agencies and the White House,
tort and property claimants who have filed claims against the
Government or TSA, stakeholders, passengers in transportation, and
members of the public.
Categories of records in the system:
Correspondence and information related thereto, including name,
address, and telephone number of individuals contacting TSA; records
of contacts made by or on behalf of individuals, including inquiries,
comments, complaints, resumes and letters of reference; staff
reports; TSA's responses to correspondence and calls; and staff
recommendations on actions requiring approval or action by a TSA
official. The system also includes records, including those prepared
by TSA employees, related to matters under consideration by TSA.
Authority for maintenance of the system:
49 U.S.C. 114; 5 U.S.C. 301.
Purpose(s):
(a) To facilitate and assist in the management, tracking,
retrieval, and response to incoming correspondence, inquiries,
claims, and complaints associated with all subject matters over which
TSA exercises jurisdiction.
(b) To monitor assignment, disposition, status, and results of
correspondence, inquiries, claims, and complaints sent to TSA and,
generally, to review, analyze, investigate, and study trends
identified by the concerns expressed.
(c) To facilitate and assist in the management, tracking, and
retrieval of information associated with matters and issues under
consideration by TSA.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation and its
operating administrations when relevant or necessary to (a) ensure
safety and security in any mode of transportation; (b) enforce
safety- and security-related regulations and requirements; (c) assess
and distribute intelligence or law enforcement information related to
transportation security; (d) assess and respond to threats to
transportation; (e) oversee the implementation and ensure the
adequacy of security measures at airports and other transportation
facilities; (f) plan and coordinate any actions or activities that
may affect transportation safety and security or the operations of
transportation operators; or (g) the issuance, maintenance, or
renewal of a license, certificate, contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal,
territorial, foreign, or nternational agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To contractors, grantees, experts, consultants, or volunteers
when necessary to perform a function or service related to this
system of records for which they have been engaged. Such recipients
are required to comply with the Privacy Act, 5 U.S.C. 552a, as
amended.
(4) To a Federal, State, local, tribal, territorial, foreign, or
international agency, in response to queries regarding persons who
may pose a risk to transportation or national security; a risk of air
piracy or terrorism or a threat to airline or passenger safety; or a
threat to aviation safety, civil aviation, or national security.
(5) To the Department of State and other Intelligence Community
agencies to further the mission of those agencies relating to persons
who may pose a risk to transportation or national security; a risk of
air piracy or terrorism or a threat to airline or passenger safety; a
threat to aviation safety, civil aviation, or national security.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit.
(7) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(8) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(9) To third parties during the course of an investigation into
violations or potential violations of transportation security laws to
the extent necessary to obtain information pertinent to the
investigation.
(10) To airport operators, aircraft operators, and maritime and
land transportation operators about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities when relevant to such employment,
application, contract, or the issuance of such credentials or
clearances.
(11) To the Department of Justice (DOJ) in review, settlement,
defense, and prosecution of claims, complaints, and law suits
involving matters over which TSA exercises jurisdiction.
(12) To the DOJ or other Federal agency conducting litigation or
in proceedings before any court, adjudicative or administrative body,
when: (a) TSA, or (b) any employee of TSA in his/her official
capacity, or (c) any employee of TSA in his/her individual capacity
where DOJ or TSA has agreed to represent the employee, or (d) the
United States or any agency thereof, is a party to the litigation or
has an interest in such litigation, and TSA determines that the
records are both relevant and necessary to the litigation and the use
of such records is compatible with the purpose for which TSA
collected the records.
(13) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(14) To the General Services Administration and the National
Archives and Records Administration in records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
(15) To the Attorney General of the United States or his/her
official designee, that indicates that an individual meets any of the
disqualifications for receipt, possession, shipment, or transport of
a firearm under the Brady Handgun Violence Prevention Act. In case of
a dispute concerning the validity of the information provided by TSA
to the Attorney General, or his/her designee, it shall be a routine
use of the information in this system of records to furnish records
or information to the national Background Information Check System,
established by the Brady Handgun Violence Prevention Act, as may be
necessary to resolve such dispute.
(16) To the DOJ, United States Attorney's Office, or other
federal agencies for further collection action on any delinquent debt
when circumstances warrant.
(17) To a debt collection agency for the purpose of debt
collection.
Disclosure to consumer reporting agencies:
Privacy Act information may be reported to consumer reporting
agencies pursuant to 5 U.S.C. 552a(b)(12) for the purpose of
collecting a debt on behalf of the United States Government.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
In electronic storage media and hard copy. Records that are
sensitive or classified are safeguarded in accordance with agency
procedures, and applicable Executive Orders and statutes.
Retrievability:
Records are retrieved by name, social security account number or
other assigned identifier of an individual covered by this system.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know and password protection
identification features. TSA file areas are locked after normal duty
hours and the facilities are protected from the outside by security
personnel.
Retention and disposal:
A request is pending for National Archives and Records
Administration approval for the retention and disposal of records in
this system.
System manager(s) and address:
Director, Office of the Executive Secretariat, TSA Headquarters,
West Tower, 12th Floor, 1206S, 601 S. 12th Street, Arlington, VA
22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedure'' above. Provide your full name
and the description of the information that you seek, including the
time frame during which the record(s) may have been generated.
Individuals requesting access must comply with the Department of
Homeland Security's Privacy Act regulations on verification of
identity. (6 CFR 5.21(d)).
Contesting record procedures:
Same as ``Notification Procedure'' and ``Record Access
Procedure'' above.
Record source categories:
Information contained in this system is obtained from calls and
correspondence from or on behalf of individuals who contact TSA with
inquiries, comments, complaints, or claims, as well as from TSA
employees or contractors and witnesses, and other third parties who
provide pertinent information where applicable. Information may also
be collected from documents such as records of the contact made with
TSA, incident reports, and from other sources, such as employers,
state and local agencies, other Federal agencies, and related
material for background as appropriate.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and
(k)(2).
DHS/TSA 007
System name:
Freedom of Information Act and Privacy Act Record System.
Security classification:
Classified, sensitive.
System location:
This system of records is located in the Freedom of Information
Act Office, Office of Law Enforcement and Security Liaison,
Transportation Security Administration (TSA) Headquarters in
Arlington, Virginia. Records will also be maintained at various TSA
field offices.
Categories of individuals covered by the system:
All individuals who submit Freedom of Information Act (FOIA) and
Privacy Act (PA) requests to TSA; individuals whose requests and/or
records have been referred to TSA by other agencies; and in some
instances, attorneys or other persons representing individuals
submitting such requests and appeals, individuals who are the
subjects of such requests, and/or TSA personnel assigned to handle
such requests or appeals.
Categories of records in the system:
Records received, created, or compiled in response to FOIA/PA
requests or appeals, including: The original requests and
administrative appeals; intra- or inter-agency memoranda,
correspondence, notes and other documentation related to the
processing of the FOIA/PA request; correspondence with the
individuals or entities that submitted the requested records,
including when those records might contain confidential business
information or personal information; and copies of the requested
records. Types of information in the records may include: requesters'
and their attorneys' or representatives' names, addresses, telephone
numbers, and TSA FOIA case numbers; names, office telephone numbers,
and office routing symbols of TSA employees; and names, telephone
numbers, and addresses of the submitter of the information requested.
Authority for maintenance of the system:
5 U.S.C. 301; 5 U.S.C. 552; 5 U.S.C. 552a; 44 U.S.C. 3101.
Purpose(s):
The system is maintained for the purpose of processing access
requests and administrative appeals under the FOIA and access and
amendment requests and appeals under the PA; for the purpose of
participating in litigation arising from such requests and appeals;
and for the purpose of assisting TSA in carrying out any other
responsibilities under the FOIA or the PA.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation and its
operating administrations when relevant or necessary to (a) ensure
safety and security in any mode of transportation; (b) enforce
safety- and security-related regulations and requirements; (c) assess
and distribute intelligence or law enforcement information related to
transportation security; (d) assess and respond to threats to
transportation; (e) oversee the implementation and ensure the
adequacy of security measures at airports and other transportation
facilities; (f) plan and coordinate any actions or activities that
may affect transportation safety and security or the operations of
transportation operators; or (g) the issuance, maintenance, or
renewal of a license, certificate, contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To contractors, grantees, experts, consultants, or volunteers
when necessary to perform a function or service related to this
system of records for which they have been engaged. Such recipients
are required to comply with the Privacy Act, 5 U.S.C. 552a, as
amended.
(4) To a Federal, State, local, tribal, territorial, foreign, or
international agency, in response to queries regarding persons who
may pose a risk to transportation or national security; a risk of air
piracy or terrorism or a threat to airline or passenger safety; or a
threat to aviation safety, civil aviation, or national security.
(5) To the Department of State and other Intelligence Community
agencies to further the mission of those agencies relating to persons
who may pose a risk to transportation or national security; a risk of
air piracy or terrorism or a threat to airline or passenger safety; a
threat to aviation safety, civil aviation, or national security.
(6) To a Federal, State, territorial, tribal, local,
international, or foreign agency or entity for the purpose of
consulting with that agency or entity to assist TSA to make a
determination regarding access to or amendment of information, or for
the purpose of verifying the identity of an individual or the
accuracy of information submitted by an individual who has requested
access to or amendment of information.
(7) To a Federal agency or entity that furnished the record or
information for the purpose of permitting that agency or entity to
make a decision regarding access to or correction of the record or
information, or to a federal agency or entity for purposes of
providing guidance or advice regarding the handling of particular
requests.
(8) To the Department of Justice (DOJ) in review, settlement,
defense, and prosecution of claims, complaints, and law suits
involving matters over which TSA exercises jurisdiction.
(9) To the DOJ or other Federal agency conducting litigation or
in proceedings before any court, adjudicative or administrative body,
when: (a) TSA, or (b) any employee of TSA in his/her official
capacity, or (c) any employee of TSA in his/her individual capacity
where DOJ or TSA has agreed to represent the employee, or (d) the
United States or any agency thereof, is a party to the litigation or
has an interest in such litigation, and TSA determines that the
records are both relevant and necessary to the litigation and the use
of such records is compatible with the purpose for which TSA
collected the records.
(10) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(11) To the General Services Administration and the National
Archives and Records Administration in records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
(12) To the DOJ, United States Attorney's Office, or other
federal agencies for further collection action on any delinquent debt
when circumstances warrant.
(13) To a debt collection agency for the purpose of debt
collection.
(14) To the submitter or subject of a record or information to
assist TSA in making a determination as to access or amendment.
Disclosure to consumer reporting agencies:
Privacy Act information may be reported to consumer reporting
agencies pursuant to 5 U.S.C. 552a(b)(12), for the purpose of
collecting a debt on behalf of the United States.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records in this system are on paper and/or in electronic form.
Retrievability:
Records are retrieved by the name of the requester/appellant or
the attorney or other individual representing the requester, or other
identifier assigned to the request or appeal.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know; using locks, and
password protection identification features. Classified information
is appropriately stored in accordance with applicable requirements.
TSA file areas are locked after normal duty hours and the facilities
are protected from the outside by security personnel.
Retention and disposal:
Records are retained and disposed of in accordance with the
National Archives and Records Administration's General Records
Schedule 14. Files may be retained from 2 to 6 years, depending on
the type of file. For requests that result in litigation, the files
related to that litigation will be retained for 3 years after final
court adjudication.
System manager(s) and address:
Associate Director, Freedom of Information/Privacy Act Division,
Office of Law Enforcement & Security Liaison, TSA Headquarters, West
Tower, 10th Floor, TSA-20, 601 S. 12th Street, Arlington, VA 22202-
4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedures:
Same as ``Notification Procedures'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security's Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedures:
Same as ``Notification Procedure'' and ``Record Access
Procedures'' above.
Record source categories:
Information contained in this system is obtained from those
individuals who submit requests and administrative appeals pursuant
to the FOIA and the PA; the agency records searched and identified as
responsive in the process of responding to such requests and appeals;
Departmental personnel assigned to handle such requests and appeals;
other agencies or entities that have referred to TSA requests
concerning TSA records, or that have consulted with TSA regarding
handling of particular requests; and submitters or subjects of
records or information that have provided assistance to TSA in making
access or amendment determinations.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and
(k)(2).
DHS/TSA 008
System name:
Transportation Security Administration Notification Contact Lists
Security classification:
Unclassified, sensitive.
System location:
The records of this system are electronically maintained in a
digital safe site at TSA Headquarters in Northern Virginia.
Categories of individuals covered by the system:
TSA employees and individuals who interact with TSA in providing
transportation security services, including land, air, and maritime
carrier and facility operators, local government officials, law
enforcement officials, and emergency response personnel. Members of
the public or the news media who ask to receive TSA travel alert
notifications and news releases.
Categories of records in the system:
Personal and business contact information, which includes but is
not limited to name, work title, work location, work phone numbers,
pager numbers, cellular phone numbers, home phone numbers, e-mail
addresses, and home addresses.
Authority for maintenance of the system:
5 U.S.C. 301, 49 U.S.C. 114, Pub. L. 107-347.
Purposes(s):
The system of records is designed to allow TSA to relay
information throughout the organization, to transportation security
emergency first responders, and to those individuals who ask to
receive TSA travel alert notifications and news releases.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to (a) ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence
or law enforcement information related to transportation security;
(d) assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at
airports and other transportation facilities; (f) plan and coordinate
any actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, certificate,
contract, grant, or other benefit.
(2) To contractors, grantees, experts, consultants, or other like
persons when necessary to perform a function or service related to
this system of records for which they have been engaged. Such
recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(3) To the National Archives and Records Administration or other
appropriate Federal agency in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(4) To any agency or instrumentality charged under applicable law
with the protection of the public health or safety under exigent
circumstances where the public health or safety is at risk.
(5) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(6) To airport operators, aircraft operators, and/or maritime and
land transportation operators when appropriate to address a threat or
potential threat to transportation security, or when required for
administrative purposes related to the effective and efficient
administration of transportation security laws.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in computer-accessible storage media and
hardcopy format.
Retrievability:
Records are retrieved by name, address, or other assigned
identifier of the individual on whom the records are maintained.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know by using locks, alarm
devices, passwords, and encrypting data communications. Electronic
access is limited by computer security measures that are strictly
enforced. TSA file areas are locked after normal duty hours and
facilities are protected by security personnel.
Retention and disposal:
Records in this system will be retained in accordance with a
schedule to be approved by the National Archives and Records
Administration. Individuals who ask to receive TSA notifications and
news releases will be deactivated from the contact list upon their
own request.
System managers and addresses:
TSA Office of Information Technology, Office of the Chief
Information Officer, TSA Headquarters, TSA-11, 601 South 12th Street,
Arlington, VA 22202-4220 (TSA Employee Contact List and TSA Alert
Notification System). TSA Public Affairs Office, TSA Headquarters,
TSA-4, 601 South 12th Street, Arlington, VA 22202-4220 (Public
Affairs News Releases). TSA Transportation Security Policy Office,
TSA Headquarters, TSA-9, 601 South 12th Street, Arlington, VA 22202-
4220 (E-mail Travel Alert Notification List).
Notification procedure:
To determine whether a contact list within this system contains
records relating to you, write to the appropriate System Manager(s)
identified above.
Record access procedure:
Same as ``Notification Procedure,'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedure:
Same as ``Notification Procedure'' and ``Record Access
Procedure,'' above.
Record source categories:
Information contained in this system is obtained from TSA Human
Resources, TSA employees or contractors, other government agencies,
and by individuals who voluntarily sign-up to receive TSA
notifications or news releases.
Exemptions claimed for the system:
None.
DHS/TSA 009
System name:
General Legal Records (GLR).
Security classification:
Sensitive, classified.
System location:
This system of records is located in the Office of the Chief
Counsel, Transportation Security Administration (TSA) Headquarters in
Arlington, Virginia. Records will also be maintained at various TSA
field offices.
Categories of individuals covered by the system:
TSA employees and former employees, other Federal agency
employees, members of the public, individuals involved in litigation
with TSA or involving TSA, witnesses, and to the extent not covered
by any other system, tort and property claimants who have filed
claims against the Government and individuals who are the subject of
an action requiring approval or action by a TSA official, such as
appeals, actions, training, awards, foreign travel, promotions,
selections, grievances, delegations, etc.
Categories of records in the system:
To the extent not covered by another system, records relating to
litigation by or against the U.S. Government (or litigation in which
the U.S. Government is not a party, but has an interest) resulting
from questions concerning TSA authority, criminal actions, claims,
torts, employment and sex discrimination, Rehabilitation Act,
personnel matters, contracts, foreclosures, actions against TSA
officials, criminal actions, titles to real property, other civil
matters, and records relating to requests for TSA records or the
testimony of TSA employees in state law criminal or civil litigation
in which TSA is not a party. Included are statements of claims,
documentary evidence, copies of condemnation or foreclosure
proceedings and decisions, lists of witnesses, supporting documents,
correspondence, legal opinions and memoranda and related records. The
system also includes claims by or against the Government, other than
litigation cases, arising from a transaction with TSA, and documents
related thereto, including demographic information, vouchers, witness
statements, legal decisions, and related material pertaining to such
claims.
Authority for maintenance of the system:
5 U.S.C. 301; 5 U.S.C 7301; 5 U.S.C. 7501; 28 U.S.C. 1346(b),
(c), 1402(b), 2401(b), 2412(c), 2671-80; 31 U.S.C. 3701, 3721; 42
U.S.C. 20003 et seq.; 44 U.S.C. 3101; 49 U.S.C. 114.
Purpose(s):
The system is maintained to assist attorneys in the Office of the
Chief Counsel in providing legal advice to TSA management on a wide
variety of legal issues; to respond to claims by employees, former
employees, and other individuals; to assist in the settlement of
claims against the government; to represent TSA during litigation,
and to maintain internal statistics.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation and its
operating administrations when relevant or necessary to (a) ensure
safety and security in any mode of transportation; (b) enforce
safety- and security-related regulations and requirements; (c) assess
and distribute intelligence or law enforcement information related to
transportation security; (d) assess and respond to threats to
transportation; (e) oversee the implementation and ensure the
adequacy of security measures at airports and other transportation
facilities; (f) plan and coordinate any actions or activities that
may affect transportation safety and security or the operations of
transportation operators; or (g) the issuance, maintenance, or
renewal of a license, certificate, contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To contractors, grantees, experts, consultants, or volunteers
when necessary to perform a function or service related to this
system of records for which they have been engaged. Such recipients
are required to comply with the Privacy Act, 5 U.S.C. 552a, as
amended.
(4) To a Federal, state, local, tribal, territorial, foreign, or
international agency, in response to queries regarding persons who
may pose a risk to transportation or national security; a risk of air
piracy or terrorism or a threat to airline or passenger safety; or a
threat to aviation safety, civil aviation, or national security.
(5) To the Department of State and other Intelligence Community
agencies to further the mission of those agencies relating to persons
who may pose a risk to transportation or national security; a risk of
air piracy or terrorism or a threat to airline or passenger safety; a
threat to aviation safety, civil aviation, or national security.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit.
(7) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(8) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(9) To third parties during the course of an investigation into
violations or potential violations of transportation security laws to
the extent necessary to obtain information pertinent to the
investigation.
(10) To airport operators, aircraft operators, and maritime and
land transportation operators about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities when relevant to such employment,
application, contract, or the issuance of such credentials or
clearances.
(11) To the Department of Justice (DOJ) in review, settlement,
defense, and prosecution of claims, complaints, and law suits
involving matters over which TSA exercises jurisdiction.
(12) To the DOJ or other Federal agency conducting litigation or
in proceedings before any court, adjudicative or administrative body,
when: (a) TSA, or (b) any employee of TSA in his/her official
capacity, or (c) any employee of TSA in his/her individual capacity
where DOJ or TSA has agreed to represent the employee, or (d) the
United States or any agency thereof, is a party to the litigation or
has an interest in such litigation, and TSA determines that the
records are both relevant and necessary to the litigation and the use
of such records is compatible with the purpose for which TSA
collected the records.
(13) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(14) To the General Services Administration and the National
Archives and Records Administration in records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
(15) To the Attorney General of the United States or his/her
official designee, when information indicates that an individual
meets any of the disqualifications for receipt, possession, shipment,
or transport of a firearm under the Brady Handgun Violence Prevention
Act. In case of a dispute concerning the validity of the information
provided by TSA to the Attorney General, or his/her designee, it
shall be a routine use of the information in this system of records
to furnish records or information to the national Background
Information Check System, established by the Brady Handgun Violence
Prevention Act, as may be necessary to resolve such dispute.
(16) To the DOJ, United States Attorney's Office, or other
federal agencies for further collection action on any delinquent debt
when circumstances warrant.
(17) To a debt collection agency for the purpose of debt
collection.
Disclosure to consumer reporting agencies:
Privacy Act information may be reported to consumer reporting
agencies pursuant to 5 U.S.C. 552a(b)(12) collecting on behalf of the
United States Government.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records in this system are on paper and/or in electronic form.
Records that are classified are stored in accordance with applicable
executive orders and statutes.
Retrievability:
Records are retrieved by the name of an individual or by a case
number.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have an official need for access in order to
perform their duties and using locks and password protection
identification features. Classified information is appropriately
stored in secured safes in accordance with applicable requirements.
During normal hours of operation, all records of the Office of the
Chief Counsel are maintained in areas accessible only to authorized
personnel of TSA. TSA file areas are locked after normal duty hours
and the facilities are protected from the outside by security
personnel.
Retention and disposal:
National Archives and Records Administration approval is pending
for the records in this system. The records will be retained and
disposed of in accordance with the applicable provisions of the
records schedule for the Office of the Chief Counsel. Chief Counsel
office files are generally retained from 3 to 15 years, depending on
the type of file. Formal legal files and significant litigation files
are retained permanently for eventual transfer to the National
Archives of the United States.
System manager(s) and address:
Director of Operations, Office of the Chief Counsel, TSA
Headquarters, West Building, Floor 8, TSA-2 (Chief Counsel), 601 S.
12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedures:
Same as ``Notification Procedures'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security's Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedures:
Same as ``Notification Procedure,'' and ``Record Access
Procedures'' above.
Record source categories:
Information in this system of records is obtained from Federal
employees and former employees and other individuals involved in
litigation or other action or matter in which TSA is a party or has
an association. Information also is obtained from documents related
to such litigation, action, or matter.
Exemptions claimed from the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1) and
(k)(2).
DHS/TSA 011
System name:
Transportation Security Intelligence Service (TSIS) Operations
Files
Security classification:
Classified, sensitive.
System location:
Records are maintained in TSA's Office of the Transportation
Security Intelligence Service in Washington, DC.
Categories of individuals covered by the system:
Individuals identified in intelligence, counterintelligence,
transportation security, or information system security reports and
supporting materials, including but not limited to individuals
involved in matters of intelligence, law enforcement or
transportation security, information systems security, the compromise
of classified information, or terrorism.
Categories of records in the system:
Records include biographic information; intelligence
requirements, analysis, and reporting; information systems security
analysis and reporting; articles, public-source data, and other
published information on individuals and events of interest to TSA/
TSIS; actual or purported compromises of classified intelligence;
countermeasures in connection therewith; identification of classified
source documents and distribution thereof; records related to
transportation security matters (e.g., reports of security-related
incidents), and law enforcement records as they pertain to issues
involving transportation security.
Authority for maintenance of the system:
49 U.S.C. 114; National Security Act of 1947, as amended, 50
U.S.C. 403-3(d)(2); National Security Agency Act of 1959, Pub. L. 86-
36, as amended, 50 U.S.C. 402 Note; E.O. 12333; E.O. 13292 and 12958;
E.O. 9397; and National Security Directive 42.
Purpose(s):
To maintain records on intelligence, counterintelligence,
transportation security, and information systems security matters as
they relate to TSA's mission of protecting the nation's
transportation systems. To identify potential threats to
transportation security, uphold and enforce the law, and ensure
public safety.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To U.S. Government agencies, and in some instances foreign
government agencies or their representatives, to provide
intelligence, counterintelligence, information systems and
transportation security information, and other information for the
purpose of counterintelligence or antiterrorism activities authorized
by U.S. law or Executive Order or for the purpose of enforcing laws
that protect national and transportation security of the U.S.
(2) To U.S. Government agencies regarding compromises of
classified information including the document(s) apparently
compromised, implications of disclosure of intelligence sources and
methods, investigative data on compromises, and statistical and
substantive analysis of the data.
(3) To any U.S. Government organization in order to facilitate
any security, employment, detail, liaison, or contractual decision by
any U.S. Government organization, or to facilitate access to any U.S.
Government information system.
(4) To U.S. agencies involved in the protection of intelligence
sources and methods to facilitate such protection and to support
intelligence analysis and reporting.
(5) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit.
(7) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(8) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(9) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(10) To the Department of Justice (DOJ) or other Federal agency
in the review, settlement, defense, and prosecution of claims,
complaints, and lawsuits involving matters over which TSA exercises
jurisdiction or when conducting litigation or in proceedings before
any court, adjudicative or administrative body, when: (a) TSA, or (b)
any employee of TSA in his/her official capacity, or (c) any employee
of TSA in his/her individual capacity where DOJ or TSA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(11) To the National Archives and Records Administration or other
appropriate Federal agency in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(12) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to (a) ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence
or law enforcement information related to transportation security;
(d) assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at
airports and other transportation facilities; (f) plan and coordinate
any actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, certificate,
contract, grant, or other benefit.
(13) To contractors, grantees, experts, consultants, or other
like persons when necessary to perform a function or service related
to this system of records for which they have been engaged. Such
recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(14) To third parties during the course of or as follow-up to an
investigation into violations or potential violations of the law, or
an investigation related to the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit, to the extent necessary to obtain information
pertinent to the follow-up inquiry or investigation.
(15) To airport operators, aircraft operators, and maritime and
land transportation operators about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities.
(16) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency regarding individuals
who pose or are suspected of posing a risk to transportation or
national security.
(17) To airport operators, aircraft operators, and/or maritime
and land transportation operators when appropriate to address a
threat or potential threat to transportation security, or when
required for administrative purposes related to the effective and
efficient administration of transportation security laws.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic tape, disk or other computer storage media, computer
listings and databases, paper in file folders, audio recordings,
microfilm or microfiche.
Retrievability:
Information is retrieved by the individual's name, social
security number, or other assigned personal identifier.
Safeguards:
Records stored on paper, computer printouts, audio recordings,
and microfilm are stored in secure, limited-access facilities in
lockable containers. Access to this information is limited to those
individuals specifically authorized and granted access by TSA/TSIS.
Computer record access is controlled by passwords or physical
protection and is limited to authorized personnel only.
Retention and disposal:
A request is pending for National Archives and Records
Administration approval for the retention and disposal of records in
this system.
System manager(s) and address:
Special Assistant, Transportation Security Intelligence Service,
TSA-10, 601 South 12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedure,'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedure:
Same as ``Notification Procedure'' and ``Record Access
Procedure,'' above.
Record source categories:
Information contained in this system is obtained from subject
individuals; other U.S. agencies and organizations; media, including
periodicals, newspapers, and broadcast transcripts; public and
classified reporting, intelligence source documents, investigative
reports, and correspondence.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(j)(2),
(k)(1), (k)(2), and (k)(5).
DHS/TSA 012
System name:
Transportation Worker Identification Credentialing (TWIC) System.
Security classification:
Unclassified.
System locations:
Records will be maintained in a secure, centralized location for
selected transportation facilities within three geographic regions:
Delaware River and Bay, Los Angeles/Long Beach, California, and the
State of Florida. Locations within the Los Angeles/Long Beach region
include Carson, CA; Terminal Island, CA; Oakland, CA; San Pedro, CA;
Long Beach, CA; and Los Angeles, CA. Locations within the Delaware
River and Bay area include Philadelphia, PA; Islip, NY; Camden, NJ;
and Wilmington, DE. Locations within Florida include Pensacola,
Panama City, St. Joe, Amelia Island, Jacksonville, Tampa, St.
Petersburg, Palmetto, Cape Canaveral, Ft. Pierce, Riviera Beach, Fort
Lauderdale, Miami, and Key West.
Categories of individuals covered by the system:
Transportation workers and individuals, and/or authorized
visitors, participating in the Prototype Phase of the Transportation
Worker Identification Credential (TWIC) Program who are authorized
unescorted entry to secure transportation areas.
Categories of records in the system:
This system will contain a minimum amount of information during
the TWIC Prototype Phase and may include: (1) Individual's name; (2)
other demographic data to include: address, phone number, social
security number, date of birth, and place of birth; (3)
administrative identification codes and unique card serial number;
(4) systems identification codes; (5) company/organization or
affiliation; (6) issue date; (7) biometric data and digital
photograph; (8) access level information; (9) copies of documents
that verify address and identity, such as birth certificates,
government photo identification, drivers licenses and the like, and
(10) expiration date.
Authority for maintenance of the system:
49 U.S.C. 114; 49 U.S.C. 44903(g); 46 U.S.C. 70105.
Purpose(s):
In cooperation with transportation facility operators, the
records are maintained to evaluate and test certain technologies and
business processes in the Prototype Phase of TSA's pilot project to
develop a TWIC to improve identity management and access control for
transportation workers requiring unescorted access to secure areas of
transportation facilities. Additionally, TSA will use certain data
elements to support the development and operation of site specific
security plans at local transportation facilities. This system is not
intended to cover security threat assessments that will be conducted
on individuals who seek to obtain a TWIC. Records pertaining to
security threat assessments conducted on volunteers of this pilot are
maintained in DHS/TSA 002, the Transportation Security Threat
Assessment System (T-STAS).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(2) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual as
an employee or a contractor, or the issuance of a security clearance
or license.
(3) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(4) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(5) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(6) To the Department of Justice (DOJ) or other Federal agency in
the review, settlement, defense, and prosecution of claims,
complaints, and lawsuits involving matters over which TSA exercises
jurisdiction or when conducting litigation or in proceedings before
any court, adjudicative or administrative body, when: (a) TSA, or (b)
any employee of TSA in his/her official capacity, or (c) any employee
of TSA in his/her individual capacity where DOJ or TSA has agreed to
represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(7) To the National Archives and Records Administration or other
appropriate Federal agency pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
(8) To the United States Department of Transportation, its
operating administrations, or the appropriate state or local agency
when relevant or necessary to: (a) Ensure safety and security in any
mode of transportation; (b) enforce safety- and security-related
regulations and requirements; (c) assess and distribute intelligence
or law enforcement information related to transportation security;
(d) assess and respond to threats to transportation; (e) oversee the
implementation and ensure the adequacy of security measures at
airports and other transportation facilities; (f) plan and coordinate
any actions or activities that may affect transportation safety and
security or the operations of transportation operators; or (g) the
issuance, maintenance, or renewal of a license, certificate,
contract, grant, or other benefit.
(9) To TSA contractors, agents, grantees, experts, consultants,
or other like persons when necessary to perform a function or service
related to this system of records for which they have been engaged.
Such recipients are required to comply with the Privacy Act, 5 U.S.C.
552a, as amended.
(10) To third parties during the course of an investigation into
violations or potential violations of transportation security laws to
the extent necessary to obtain information pertinent to the
investigation.
(11) To airport operators, aircraft operators, and maritime and
land transportation operators and contractors about individuals who
are their employees, job applicants, or contractors, or persons to
whom they issue identification credentials or grant clearances or
access to secured areas in transportation facilities when relevant to
such employment, application, contract, the issuance of such
credentials or clearances, or access to such secure areas.
(12) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency regarding individuals
who pose or are suspected of posing a risk to transportation or
national security.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper, bar code, magnetic stripe, optical memory, disk,
integrated circuit chip (ICC), and electronic media.
Retrievability:
Data records contained within bar codes, magnetic stripe, optical
memory stripe, disk, ICC, and/or electronic media may be retrieved by
the individuals' name, unique card number, or organization; paper
records, where applicable, are retrieved alphabetically by name.
Safeguards:
Unauthorized personnel are denied physical access to the location
where records are stored. For computerized records, safeguards
established in accordance with generally acceptable information
security guidelines via use of security codes, passwords, Personal
Identification Numbers (PINs), etc. Data security and integrity
safeguards will be observed during data transmission to the database
using strong encryption and digital signing methodologies.
Retention and disposal:
Record disposition authority for these records is pending at the
National Archives and Records Administration.
System manager(s) and address:
Assistant Director for Compliance, Credentialing Program Office,
TSA Headquarters, TSA-19, 601 S. 12th Street, Arlington, VA 22202-
4220.
Notification procedure:
To determine if this system contains a record relating to you,
write to the system manager at the address indicated above and
provide your full name, current address, date of birth, place of
birth, and a description of information that you seek, including the
time frame during which the record(s) may have been generated. You
may also provide your Social Security Number or other unique
identifier(s) but you are not required to do so. Individuals
requesting access must comply with the Department of Homeland
Security's Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Record access procedure:
Same as ``notification procedure,'' above.
Contesting record procedure:
Same as ``notification procedure,'' above.
Record source categories:
TSA obtains information in this system from the individuals who
are covered by the system, their employers, or their transportation
facility.
Exemptions claimed for the system:
None.
DHS/TSA 013
System name:
Federal Flight Deck Officer Record System (FFDORS).
Security classification:
Classified, sensitive.
System location:
Federal Flight Deck Officer (FFDO) Program records are maintained
at the offices of the Transportation Security Administration (TSA)
Headquarters in Arlington, Virginia.
Categories of individuals covered by the system:
(1) All individuals who volunteer to participate in the FFDO
program, (2) FFDO program participants, i.e., those volunteers who
are accepted into the FFDO training program and deputized as FFDOs,
and (3) former FFDO program participants.
Categories of records in the system:
This system includes all records required in connection with an
individual's voluntary participation in the program, including
records associated with FFDO application, selection, training,
participation, retention and requalification. FFDORS includes records
about individuals who applied but were not accepted into the program.
Such records may include, but are not limited to the following: (a)
Volunteer forms prepared by applicants for program participation
containing such information as work history, education, military
service, certificates of specialized training, awards and honors; (b)
copies of correspondence between the applicant and TSA, and between
TSA and other agencies, applicant places of employment, and
educational institutions, for the purposes of verifying information
provided to TSA by the applicant; (c) the FD-258 Fingerprint card,
investigative summaries, and compilations of criminal history record
checks, to include administrative records and correspondence
incidental to the background investigation process, obtained from
various law enforcement authorities; (d) results of written cognitive
and noncognitive assessments and information regarding how the
volunteer form was rated, prepared by TSA employees or contract
psychologists; (e) records regarding the TSA's final decision to
accept or reject volunteers for the FFDO program for suitability or
medical reasons, including records prepared by TSA employees, and
responses to and results of approved psychological assessments or
similar tests administered by TSA; (f) results of telephonic or in-
person interviews with program volunteers, including summary
recommendations regarding the individual's participation in the
program, prepared by TSA employees; (g) records prepared by TSA
employees related to the selection or rejection of volunteer
applicants (to include records generated as a result of any
administrative appeal of TSA's determination to reject an applicant),
and records related to recertification and decertification; (h)
records prepared by TSA employees related to training, including
academic and firearms performance; and (i) records prepared by TSA
employees related to requalification and deputation renewal.
Authority for maintenance of the system:
49 U.S.C. 114, 44921.
Purpose(s):
The purpose of this system is to maintain records necessary for
the assessment and acceptance of volunteers, and the training,
participation and recertification of deputized volunteer pilots of
air carriers providing passenger air transportation or intrastate
passenger air transportation as Federal law enforcement officers to
defend the flight decks of aircraft of such air carriers against acts
of criminal violence or air piracy.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) To the United States Department of Transportation and its
operating administrations when relevant or necessary to (a) ensure
safety and security in any mode of transportation; (b) enforce
safety- and security-related regulations and requirements; (c) assess
and distribute intelligence or law enforcement information related to
transportation security; (d) assess and respond to threats to
transportation; (e) oversee the implementation and ensure the
adequacy of security measures at airports and other transportation
facilities; (f) plan and coordinate any actions or activities that
may affect transportation safety and security or the operations of
transportation operators; or (g) the issuance, maintenance, or
renewal of a license, certificate, contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal,
territorial, foreign, or international agency responsible for
investigating, prosecuting, enforcing, or implementing a statute,
rule, regulation, or order, where TSA becomes aware of an indication
of a violation or potential violation of civil or criminal law or
regulation.
(3) To contractors, grantees, experts, consultants, or volunteers
when necessary to perform a function or service related to this
system of records for which they have been engaged. Such recipients
are required to comply with the Privacy Act, 5 U.S.C. 552a, as
amended.
(4) To a Federal, State, local, tribal, territorial, foreign, or
international agency, in response to queries regarding persons who
may pose a risk to transportation or national security; a risk of air
piracy or terrorism or a threat to airline or passenger safety; or a
threat to aviation safety, civil aviation, or national security.
(5) To the Department of State and other Intelligence Community
agencies to further the mission of those agencies relating to persons
who may pose a risk to transportation or national security; a risk of
air piracy or terrorism or a threat to airline or passenger safety; a
threat to aviation safety, civil aviation, or national security.
(6) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual,
or the issuance of a security clearance, license, contract, grant, or
other benefit.
(7) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary to obtain information relevant to
a TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(8) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(9) To third parties to the extent necessary to obtain
information pertinent to the individual's fitness and qualifications
for the FFDO program.
(10) To airport operators, aircraft operators, and maritime and
land transportation operators about individuals who are their
employees, job applicants, or contractors, or persons to whom they
issue identification credentials or grant clearances to secured areas
in transportation facilities when relevant to such employment,
application, contract, or the issuance of such credentials or
clearances.
(11) To the Department of Justice (DOJ) in review, settlement,
defense, and prosecution of claims, complaints, and lawsuits
involving matters over which TSA exercises jurisdiction.
(12) To the DOJ or other Federal agency conducting litigation or
in proceedings before any court, adjudicative or administrative body,
when: (a) TSA, or (b) any employee of TSA in his/her official
capacity, or (c) any employee of TSA in his/her individual capacity
where DOJ or TSA has agreed to represent the employee, or (d) the
United States or any agency thereof, is a party to the litigation or
has an interest in such litigation, and TSA determines that the
records are both relevant and necessary to the litigation and the use
of such records is compatible with the purpose for which TSA
collected the records.
(13) To a congressional office from the record of an individual
in response to an inquiry from that congressional office made at the
request of the individual.
(14) To the National Archives and Records Administration or
General Services Administration in records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
(15) To the Attorney General of the United States or his/her
official designee, when information indicates that an individual
meets any of the disqualifications for receipt, possession, shipment,
or transport of a firearm under the Brady Handgun Violence Prevention
Act. In case of a dispute concerning the validity of the information
provided by TSA to the Attorney General, or his/her designee, it
shall be a routine use of the information in this system of records
to furnish records or information to the national Background
Information Check System, established by the Brady Handgun Violence
Prevention Act, as may be necessary to resolve such dispute.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper and in computer-accessible
storage media. Records are also stored on microfiche and roll
microfilm.
Retrievability:
Records are retrieved by name, address, and social security
account number or other assigned tracking identifier of the
individual on whom the records are maintained.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have a need-to-know; using locks, alarm
devices, and passwords; and encrypting data communications. TSA file
areas are locked after normal duty hours and security personnel
protect the facilities from the outside.
Retention and disposal:
National Archives and Records Administration approval is pending
for the records in this system.
System manager(s) and address:
Director of the Credentialing Program Office, TSA Headquarters,
East Tower, 11th Floor, 601 S. 12th Street, Arlington, VA 22202-4220.
FFDO Program Manager, Office of Training and Quality Performance, TSA
Headquarters, East Tower, 12th Floor, TSA-12, TQP, 601 S. 12th
Street, Arlington, VA 22202-4220.
Notification procedure:
To determine whether this system contains records relating to
you, write to the System Managers identified above.
Record access procedures:
Same as ``Notification Procedures'' above. Provide your full name
and a description of information that you seek, including the time
frame during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland
Security Privacy Act regulations on verification of identity (6 CFR
5.21(d)).
Contesting record procedures:
Same as ``Notification Procedure,'' and ``Record Access
Procedures'' above.
Record source categories:
Information maintained in this system is primarily obtained from
the FFDO volunteer form or derived from information the applicant
supplied, reports from medical personnel on physical and
psychological results of examinations, training records, and law
enforcement and intelligence agency record systems, and individuals
interviewed as part of the background investigation.
Exemptions claimed for the system:
Portions of this system are exempt under 5 U.S.C. 552a(k)(1),
(k)(2) and
HOMELAND SECURITY DEPARTMENT
Title 6-Homeland Security
PART 5--DISCLOSURE OF RECORDS AND INFORMATION
Subpart B--Privacy Act
5.20 General provisions.
5.21 Requests for access to records.
5.22 Responsibility for responding to requests for access to records.
5.23 Responses to requests for access to records.
5.24 Classified information.
5.25 Appeals.
5.26 Requests for amendment or correction of records.
5.27 Requests for an accounting of record disclosures.
5.28 Preservation of records.
5.29 Fees.
5.30 Notice of court-ordered and emergency disclosures.
5.31 Security of systems of records.
5.32 Contracts for the operation of record systems.
5.33 Use and collection of social security numbers.
5.34 Standards of conduct for administration of the Privacy Act.
5.35 Sanctions and penalties.
5.36 Other rights and services.
Appendix A to Part 5--FOIA/Privacy Act Offices of the Department of
Homeland Security
Appendix B to Part 5--Public Reading Rooms of the Department of Homeland
Security
Authority: Pub. L. 107-296, 116 Stat. 2135; (6 U.S.C. 101 et seq.); 5
U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. Subpart B also
issued under 5 U.S.C. 552a.
Subpart B--Privacy Act
Sec. 5.20 General provisions.
(a) Purpose and scope. (1) This subpart contains the rules that the
Department of Homeland Security (Department) follows under the Privacy
Act of 1974 (5 U.S.C. 552a). These rules should be read together with
the Privacy Act, which provides additional information about records
maintained on individuals. The rules in this subpart apply to all
records in systems of records maintained by the Department that are
retrieved by an individual's name or personal identifier. They describe
the procedures by which individuals may request access to records about
themselves, request amendment or correction of those records, and
request an accounting of disclosures of those by the Department. In
addition, the Department processes all Privacy Act requests for access
to records under the Freedom of Information Act (FOIA) ( 5 U.S.C. 552),
following the rules contained in subpart A of this part, which gives
requests the benefit of both statutes.
(2) The provisions established by this subpart shall apply to all
Department components that are transferred to the Department. Except to
the extent a Department component has adopted separate guidance under
the Privacy Act, the provisions of this subpart shall apply to each
component of the Department. Departmental components may issue their own
guidance under this subpart pursuant to approval by the Department.
(b) Definitions. As used in this subpart:
(1) Component means each separate bureau, office, board, division,
commission, service, or administration of the Department.
(2) Request for access to a record means a request made under Privacy
Act subsection (d)(1).
(3) Request for amendment or correction of a record means a request
made under Privacy Act subsection (d)(2).
(4) Request for an accounting means a request made under Privacy Act
subsection (c)(3).
(5) Requester means an individual who makes a request for access, a
request for amendment or correction, or a request for an accounting
under the Privacy Act.
(c) Authority to request records for a law enforcement purpose. The
head of a component or designee thereof is authorized to make written
requests under subsection (b)(7) of the Privacy Act for records
maintained by other agencies that are necessary to carry out an
authorized law enforcement activity.
(d) Notice on Departmental use of (b)(1) exemption. As a general
matter, when applying the (b)(1) exemption for disclosures within an
agency on a need to know basis, the Department will consider itself a
single entity, meaning that information may be disclosed between
components of the Department under the (b)(1) exemption.
(e) Interim Retention of Authorities. As an interim solution, all
agencies and components under the Department will retain the necessary
authority from their original purpose in order to conduct these
necessary activities. This includes the authority to maintain Privacy
Act systems of records, disseminate information pursuant to existing or
new routine uses, and retention of exemption authorities under sections
(j) and (k) of the Privacy Act, where applicable. This retention of an
agency or component's authorities and information practices will remain
in effect until this regulation is promulgated as a final rule, or the
Department revises all systems of records notices. This retention of
authority is necessary to allow components to fulfill their mission and
purpose during the transition period of the establishment of the
Department. During this transition period, the Department shall evaluate
with the components the existing authorities and information practices
and determine what revisions (if any) are appropriate and should be made
to these existing authorities and practices. The Department anticipates
that such revisions will be made either through the issuance of a
revised system of records notices or through subsequent final
regulations.
Sec. 5.21 Requests for access to records.
(a) How made and addressed. You may make a request for access to a
Department of Homeland Security record about yourself by appearing in
person or by writing directly to the Department component that maintains
the record. Your request should be sent or delivered to the component's
Privacy Act office at the address listed in appendix A to this part. In
most cases, a component's central Privacy Act office is the place to
send a Privacy Act request. For records held by a field office of the
U.S. Customs Service, U.S. Secret Service, U.S. Coast Guard, or any
other Department component with field offices, however, you must write
directly to that Customs, Secret Service, Coast Guard, or other field
office address, which can be found in most telephone books or by calling
the component's central Privacy Act office. (The functions of each
component are summarized elsewhere in this title and in the description
of the Department and its components in the ``United States Government
Manual,'' which is issued annually and is available in most libraries,
as well as for sale from the Government Printing Office's Superintendent
of Documents. This manual also can be accessed electronically at the
Government Printing Office's World Wide Web site (which can be found at
http://www.access.gpo.gov/su--docs). Some records are maintained under a
government-wide systems of records notice, for example, Official
Personnel Files are maintained under the authority of the Office of
Personnel Management. In order to access records maintained under a
government-wide notice, please send your request to the Privacy Act
office of the original department or agency from which the component was
transferred to the Department. If you cannot determine where within the
Department to send your request, you may send it to the Departmental
Disclosure Officer, Department of Homeland Security, Washington, DC
20528, and that office will forward it to the component(s) it believes
most likely to have the records that you seek. For the quickest possible
handling, you should mark both your request letter and the envelope
``Privacy Act Request.''
(b) Description of records sought. You must describe the records that
you want in enough detail to enable Department personnel to locate the
system of records containing them with a reasonable amount of effort.
Whenever possible, your request should describe the records sought, the
time periods in which you believe they were compiled, and the name or
identifying number of each system of records in which you believe they
are kept. The Department publishes notices in the Federal Register that
describe its components' systems of records. A description of the
Department's systems of records also may be found as part of the
``Privacy Act Compilation'' published by the National Archives and
Records Administration's Office of the Federal Register. This
compilation is available in most large reference and university
libraries. This compilation also can be accessed electronically at the
Government Printing Office's World Wide Web site (which can be found at
http://www.access.gpo.gov/su--docs).
(c) Agreement to pay fees. If you make a Privacy Act request for
access to records, it shall be considered an agreement by you to pay all
applicable fees charged under Sec. 5.29, up to $25.00. The component
responsible for responding to your request ordinarily shall confirm this
agreement in an acknowledgement letter. When making a request, you may
specify a willingness to pay a greater or lesser amount.
(d) Verification of identity. When you make a request for access to
records about yourself, you must verify your identity. You must state
your full name, current address, and date and place of birth. You must
sign your request and your signature must either be notarized or
submitted by you under 28 U.S.C. 1746, a law that permits statements to
be made under penalty of perjury as a substitute for notarization. While
no specific form is required, you may obtain forms for this purpose from
the Departmental Disclosure Officer, Department of Homeland Security,
Washington, DC 20528. In order to help the identification and location
of requested records, you may also, at your option, include your social
security number.
(e) Verification of guardianship. When making a request as the parent
or guardian of a minor or as the guardian of someone determined by a
court to be incompetent, for access to records about that individual,
you must establish:
(1) The identity of the individual who is the subject of the record,
by stating the name, current address, date and place of birth, and, at
your option, the social security number of the individual;
(2) Your own identity, as required in paragraph (d) of this section;
(3) That you are the parent or guardian of that individual, which you
may prove by providing a copy of the individual's birth certificate
showing your parentage or by providing a court order establishing your
guardianship; and
(4) That you are acting on behalf of that individual in making the
request.
(f) Verification in the case of third party information requests. If
you are making a request for records concerning an individual on behalf
of that individual, you must provide a statement from the individual
verifying the identity of the individual as provided in paragraph (d) of
this section. You must also provide a statement from the individual
certifying the individual's agreement that records concerning the
individual may be released to you.
Sec. 5.22 Responsibility for responding to requests for access to
records.
(a) In general. Except as stated in paragraphs (c), (d), and (e) of
this section, the component that first receives a request for access to
a record, and has possession of that record, is the component
responsible for responding to the request. In determining which records
are responsive to a request, a component ordinarily shall include only
those records in its possession as of the date the component begins its
search for them. If any other date is used, the component shall inform
the requester of that date.
(b) Authority to grant or deny requests. The head of a component, or
the component head's designee, is authorized to grant or deny any
request for access or amendment to a record of that component.
(c) Consultations and referrals. When a component receives a request
for access to a record in its possession, it shall determine whether
another component, or another agency of the Federal Government, is
better able to determine whether the record is exempt from access under
the Privacy Act. If the receiving component determines that it is best
able to process the record in response to the request, then it shall do
so. If the receiving component determines that it is not best able to
process the record, then it shall either:
(1) Respond to the request regarding that record, after consulting
with the component or agency best able to determine whether the record
is exempt from access and with any other component or agency that has a
substantial interest in it; or
(2) Refer the responsibility for responding to the request regarding
that record to the component best able to determine whether it is exempt
from access, or to another agency that originated the record (but only
if that agency is subject to the Privacy Act). Ordinarily, the component
or agency that originated a record will be presumed to be best able to
determine whether it is exempt from access.
(d) Law enforcement information. Whenever a request is made for access
to a record containing information that relates to an investigation of a
possible violation of law and that was originated by another component
or agency, the receiving component shall either refer the responsibility
for responding to the request regarding that information to that other
component or agency or shall consult with that other component or
agency.
(e) Classified information. Whenever a request is made for access to a
record containing information that has been classified by or may be
appropriate for classification by another component or agency under
Executive Order 12958 or any other executive order concerning the
classification of records, the receiving component shall refer the
responsibility for responding to the request regarding that information
to the component or agency that classified the information, should
consider the information for classification, or has the primary interest
in it, as appropriate. Whenever a record contains information that has
been derivatively classified by a component because it contains
information classified by another component or agency, the component
shall refer the responsibility for responding to the request regarding
that information to the component or agency that classified the
underlying information.
(f) Release of Medical Records. Pursuant to 5 U.S.C. 552a(f)(3), where
requests are made for access to medical records, including psychological
records, the decision to release directly to the individual, or to
withhold direct release, shall be made by a medical practitioner. Where
the medical practitioner has ruled that direct release will cause harm
to the individual who is requesting access, normal release through the
individual's chosen medical practitioner will be recommended. Final
review and decision on appeals of disapprovals of direct release will
rest with the General Counsel.
(g) Notice of referral. Whenever a component refers all or any part of
the responsibility for responding to a request to another component or
agency, it ordinarily shall notify the requester of the referral and
inform the requester of the name of each component or agency to which
the request has been referred and of the part of the request that has
been referred.
(h) Timing of responses to consultations and referrals. All
consultations and referrals shall be handled according to the date the
Privacy Act access request was initially received by the first component
or agency, not any later date.
(i) Agreements regarding consultations and referrals. Components may
make agreements with other components or agencies to eliminate the need
for consultations or referrals for particular types of records.
Sec. 5.23 Responses to requests for access to records.
(a) Acknowledgements of requests. On receipt of a request, a component
ordinarily shall send an acknowledgement letter to the requester which
shall confirm the requester's agreement to pay fees under Sec. 5.21(c)
and provide an assigned request number for further reference.
(b) Grants of requests for access. Once a component makes a
determination to grant a request for access in whole or in part, it
shall notify the requester in writing. The component shall inform the
requester in the notice of any fee charged under Sec. 5.29 and shall
disclose records to the requester promptly on payment of any applicable
fee. If a request is made in person, the component may disclose records
to the requester directly, in a manner not unreasonably disruptive of
its operations, on payment of any applicable fee and with a written
record made of the grant of the request. If a requester is accompanied
by another person, the requester shall be required to authorize in
writing any discussion of the records in the presence of the other
person.
(c) Adverse determinations of requests for access. A component making
an adverse determination denying a request for access in any respect
shall notify the requester of that determination in writing. Adverse
determinations, or denials of requests, consist of: a determination to
withhold any requested record in whole or in part; a determination that
a requested record does not exist or cannot be located; a determination
that what has been requested is not a record subject to the Privacy Act;
a determination on any disputed fee matter; and a denial of a request
for expedited treatment. The notification letter shall be signed by the
head of the component, or the component head's designee, and shall
include:
(1) The name and title or position of the person responsible for the
denial;
(2) A brief statement of the reason(s) for the denial, including any
Privacy Act exemption(s) applied by the component in denying the
request; and
(3) A statement that the denial may be appealed under Sec. 5.25(a)
and a description of the requirements of Sec. 5.25(a).
Sec. 5.24 Classified information.
In processing a request for access to a record containing information
that is classified under Executive Order 12958 or any other executive
order, the originating component shall review the information to
determine whether it should remain classified. Information determined to
no longer require classification shall not be withheld from a requester
on the basis of Exemption (k)(1) of the Privacy Act. On receipt of any
appeal involving classified information, the Associate General Counsel
(General Law), shall take appropriate action to ensure compliance with
Part 7 of this title.
Sec. 5.25 Appeals.
(a) Appeals. If you are dissatisfied with a component's response to
your request for access to records, you may appeal an adverse
determination denying your request in any respect to the Associate
General Counsel (General Law), Department of Homeland Security,
Washington, DC 20528. You must make your appeal in writing and it must
be received by the Associate General Counsel (General Law) within 60
days of the date of the letter denying your request. Your appeal letter
may include as much or as little related information as you wish, as
long as it clearly identifies the component determination (including the
assigned request number, if known) that you are appealing. For the
quickest possible handling, you should mark both your appeal letter and
the envelope ``Privacy Act Appeal.''
(b) Responses to appeals. The decision on your appeal will be made in
writing. A decision affirming an adverse determination in whole or in
part will include a brief statement of the reason(s) for the affirmance,
including any Privacy Act exemption applied, and will inform you of the
Privacy Act provisions for court review of the decision. If the adverse
determination is reversed or modified on appeal in whole or in part, you
will be notified in a written decision and your request will be
reprocessed in accordance with that appeal decision. An adverse
determination by the Associate General Counsel (General Law) will be the
final action of the Department.
(c) When appeal is required. If you wish to seek review by a court of
any adverse determination or denial of a request, you must first appeal
it under this section. An appeal will not be acted on if the request
becomes a matter of litigation.
Sec. 5.26 Requests for amendment or correction of records.
(a) How made and addressed. Unless the record is not subject to
amendment or correction as stated in paragraph (f) of this section, you
may make a request for amendment or correction of a record of the
Department about you by writing directly to the Department component
that maintains the record, following the procedures in Sec. 5.21. Your
request should identify each particular record in question, state the
amendment or correction that you want, and state why you believe that
the record is not accurate, relevant, timely, or complete. You may
submit any documentation that you think would be helpful. If you believe
that the same record is in more than one system of records, you should
state that and address your request to each component that maintains a
system of records containing the record.
(b) Component responses. Within ten working days of receiving your
request for amendment or correction of records, a component shall send
you a written acknowledgment of its receipt of your request, and it
shall promptly notify you whether your request is granted or denied. If
the component grants your request in whole or in part, it shall describe
the amendment or correction made and shall advise you of your right to
obtain a copy of the corrected or amended record, in disclosable form.
If the component denies your request in whole or in part, it shall send
you a letter signed by the head of the component, or the component
head's designee, that shall state:
(1) The reason(s) for the denial; and
(2) The procedure for appeal of the denial under paragraph (c) of this
section, including the name and business address of the official who
will act on your appeal.
(c) Appeals. You may appeal a denial of a request for amendment or
correction to the Associate General Counsel (General Law) in the same
manner as a denial of a request for access to records (see Sec. 5.25)
and the same procedures shall be followed. If your appeal is denied, you
shall be advised of your right to file a Statement of Disagreement as
described in paragraph (d) of this section and of your right under the
Privacy Act for court review of the decision.
(d) Statements of Disagreement. If your appeal under this section is
denied in whole or in part, you have the right to file a Statement of
Disagreement that states your reason(s) for disagreeing with the
Department's denial of your request for amendment or correction.
Statements of Disagreement must be concise, must clearly identify each
part of any record that is disputed, and should be no longer than one
typed page for each fact disputed. Your Statement of Disagreement must
be sent to the component involved, which shall place it in the system of
records in which the disputed record is maintained and shall mark the
disputed record to indicate that a Statement of Disagreement has been
filed and where in the system of records it may be found.
(e) Notification of amendment/correction or disagreement. Within 30
working days of the amendment or correction of a record, the component
that maintains the record shall notify all persons, organizations, or
agencies to which it previously disclosed the record, if an accounting
of that disclosure was made, that the record has been amended or
corrected. If an individual has filed a Statement of Disagreement, the
component shall append a copy of it to the disputed record whenever the
record is disclosed and may also append a concise statement of its
reason(s) for denying the request to amend or correct the record.
(f) Records not subject to amendment or correction. The following
records are not subject to amendment or correction:
(1) Transcripts of testimony given under oath or written statements
made under oath;
(2) Transcripts of grand jury proceedings, judicial proceedings, or
quasi-judicial proceedings, which are the official record of those
proceedings;
(3) Presentence records that originated with the courts; and
(4) Records in systems of records that have been exempted from
amendment and correction under Privacy Act (5 U.S.C. 552a(j) or (k)) by
notice published in the Federal Register.
Sec. 5.27 Requests for an accounting of record disclosures.
(a) How made and addressed. Except where accountings of disclosures
are not required to be kept (as stated in paragraph (b) of this
section), you may make a request for an accounting of any disclosure
that has been made by the Department to another person, organization, or
agency of any record about you. This accounting contains the date,
nature, and purpose of each disclosure, as well as the name and address
of the person, organization, or agency to which the disclosure was made.
Your request for an accounting should identify each particular record in
question and should be made by writing directly to the Department
component that maintains the record, following the procedures in Sec.
5.21.
(b) Where accountings are not required. Components are not required to
provide accountings to you where they relate to:
(1) Disclosures for which accountings are not required to be kept,
such as disclosures that are made to employees within the agency and
disclosures that are made under the FOIA;
(2) Disclosures made to law enforcement agencies for authorized law
enforcement activities in response to written requests from those law
enforcement agencies specifying the law enforcement activities for which
the disclosures are sought; or
(3) Disclosures made from law enforcement systems of records that have
been exempted from accounting requirements.
(c) Appeals. You may appeal a denial of a request for an accounting to
the Associate General Counsel (General Law) in the same manner as a
denial of a request for access to records (see Sec. 5.25) and the same
procedures will be followed.
Sec. 5.28 Preservation of records.
Each component will preserve all correspondence pertaining to the
requests that it receives under this subpart, as well as copies of all
requested records, until disposition or destruction is authorized by
title 44 of the United States Code or the National Archives and Records
Administration's General Records Schedule 14. Records will not be
disposed of while they are the subject of a pending request, appeal, or
lawsuit under the Act.
Sec. 5.29 Fees.
(a) Components shall charge fees for duplication of records under the
Privacy Act in the same way in which they charge duplication fees under
Sec. 5.11.
(b) The Department shall not process a request under the Privacy Act
from persons with an unpaid fee from any previous Privacy Act request to
any Federal agency until that outstanding fee has been paid in full to
the agency.
Sec. 5.30 Notice of court-ordered and emergency disclosures.
(a) Court-ordered disclosures. When a record pertaining to an
individual is required to be disclosed by a court order, the component
shall make reasonable efforts to provide notice of this to the
individual. Notice shall be given within a reasonable time after the
component's receipt of the order, except that in a case in which the
order is not a matter of public record, the notice shall be given only
after the order becomes public. This notice shall be mailed to the
individual's last known address and shall contain a copy of the order
and a description of the information disclosed. Notice shall not be
given if disclosure is made from a criminal law enforcement system of
records that has been exempted from the notice requirement.
(b) Emergency disclosures. Upon disclosing a record pertaining to an
individual made under compelling circumstances affecting health or
safety, the component shall notify that individual of the disclosure.
This notice shall be mailed to the individual's last known address and
shall state the nature of the information disclosed; the person,
organization, or agency to which it was disclosed; the date of
disclosure; and the compelling circumstances justifying the disclosure.
Sec. 5.31 Security of systems of records.
(a) In general. Each component shall establish administrative and
physical controls to prevent unauthorized access to its systems of
records, to prevent unauthorized disclosure of records, and to prevent
physical damage to or destruction of records. The stringency of these
controls shall correspond to the sensitivity of the records that the
controls protect. At a minimum, each component's administrative and
physical controls shall ensure that:
(1) Records are protected from public view;
(2) The area in which records are kept is supervised during business
hours to prevent unauthorized persons from having access to them;
(3) Records are inaccessible to unauthorized persons outside of
business hours; and
(4) Records are not disclosed to unauthorized persons or under
unauthorized circumstances in either oral or written form.
(b) Procedures required. Each component shall have procedures that
restrict access to records to only those individuals within the
Department who must have access to those records in order to perform
their duties and that prevent inadvertent disclosure of records.
Sec. 5.32 Contracts for the operation of record systems.
Under 5 U.S.C. 552a(m), any approved contract for the operation of a
record system will contain the standard contract requirements issued by
the General Services Administration to ensure compliance with the
requirements of the Privacy Act for that record system. The contracting
component will be responsible for ensuring that the contractor complies
with these contract requirements.
Sec. 5.33 Use and collection of social security numbers.
Each component shall ensure that employees authorized to collect
information are aware:
(a) That individuals may not be denied any right, benefit, or
privilege as a result of refusing to provide their social security
numbers, unless the collection is authorized either by a statute or by a
regulation issued prior to 1975; and
(b) That individuals requested to provide their social security
numbers must be informed of:
(1) Whether providing social security numbers is mandatory or
voluntary;
(2) Any statutory or regulatory authority that authorizes the
collection of social security numbers; and
(3) The uses that will be made of the numbers.
Sec. 5.34 Standards of conduct for administration of the Privacy
Act.
Each component will inform its employees of the provisions of the
Privacy Act, including the Act's civil liability and criminal penalty
provisions. Unless otherwise permitted by law, the Department shall:
(a) Collect from individuals only the information that is relevant and
necessary to discharge the responsibilities of the Department;
(b) Collect information about an individual directly from that
individual whenever practicable and when the information may result in
adverse determinations about an individual's rights, benefits, and
privileges under federal programs;
(c) Inform each individual from whom information is collected of:
(1) The legal authority to collect the information and whether
providing it is mandatory or voluntary;
(2) The principal purpose for which the Department intends to use the
information;
(3) The routine uses the Department may make of the information; and
(4) The effects on the individual, if any, of not providing the
information;
(d) Ensure that the component maintains no system of records without
public notice and that it notifies appropriate Department officials of
the existence or development of any system of records that is not the
subject of a current or planned public notice;
(e) Maintain all records that are used by the Department in making any
determination about an individual with such accuracy, relevance,
timeliness, and completeness as is reasonably necessary to ensure
fairness to the individual in the determination;
(f) Except as to disclosures made to an agency or made under the FOIA,
make reasonable efforts, prior to disseminating any record about an
individual, to ensure that the record is accurate, relevant, timely, and
complete;
(g) Maintain no record describing how an individual exercises his or
her First Amendment rights, unless it is expressly authorized by statute
or by the individual about whom the record is maintained, or is
pertinent to and within the scope of an authorized law enforcement
activity;
(h) When required by the Privacy Act, maintain an accounting in the
specified form of all disclosures of records by the Department to
persons, organizations, or agencies;
(i) Maintain and use records with care to prevent the unauthorized or
inadvertent disclosure of a record to anyone.
Sec. 5.35 Sanctions and penalties.
Under the provisions of the Privacy Act, 5 U.S.C. 552a, civil and
criminal penalties may be assessed.
Sec. 5.36 Other rights and services.
Nothing in this subpart shall be construed to entitle any person, as
of right, to any service or to the disclosure of any record to which
such person is not entitled under the Privacy Act.
Appendix A to Part 5--FOIA /Privacy Act Offices of the Department of
Homeland Security
I. For the following Headquarters components of the Department of
Homeland Security, FOIA and Privacy Act requests should be sent to the
Departmental Disclosure Office, Department of Homeland Security,
Washington, DC 20528. The Headquarters components are:
A
Office of the Secretary
Office of the Deputy Secretary
Office of the Under Secretary for Management
B
Office of the General Counsel
Office of the Inspector General
Office of International Affairs
Office of Legislative Affairs
Office of Public Affairs
Office of National Capital Region Coordination
Office of Professional Responsibility
Office for State and Local Government Coordination
C
Directorate of Border and Transportation Security
Directorate of Emergency Preparedness and Response
Directorate of Information Analysis and Infrastructure Protection
Directorate of Science and Technology
II. Requests made to components that have transferred or will transfer
into the Department of Homeland Security, should be sent as follows:
A. Former components of the Department of Agriculture:
1. Animal and Plant Health Inspection Service, USDA, APHIS, LPA, FOIA,
4700 River Road, Unit 50, Riverdale, MD 20737-1232
2. Plum Island Animal Disease Center; Submit request to the APHIS
address above or, FOIA Coordinator, USDA-REE-ARS-Information Staff,
5601 Sunnyside Avenue, Bldg. 1, Room 2248, Mail Stop 5128,
Beltsville, MD 20705-5128
B. Former components of the Department of Commerce:
1. Critical Infrastructure Assurance Office (A former office of the
Bureau of Industry and Security); Freedom of Information
Coordinator, Bureau of Industry and Security, Room 6883, U.S.
Department of Commerce, Washington, DC 20230
2. FIRESTAT (formerly the Integrated Hazard Information System of the
National Oceanic and Atmospheric Administration), National Oceanic
and Atmospheric Administration, Public Reference Facility (OFAx2),
1315 East-West Highway (SSMC3), Room 10703, Silver Spring, MD 20910
C. Former components of the Department of Defense:
1. National Communications Service (A former component of the Defense
Information Systems Agency), Defense Information Systems Agency,
ATTN: RGC/FOIA Officer, 701 S. Courthouse Rd., Arlington, VA 22204-
2199
D. Former components and programs of the Department of Energy:
The address for each component and program listed below is: U.S.
Department of Energy, 1000 Independence Avenue, SW., Washington, DC
20585
1. Energy Assurance Office
2. Environmental Measurements Laboratory
3. Nuclear Incident Response Team
4. The chemical and biological national security and supporting
programs and activities of the non-proliferation and verification
research and development program.
5. The life sciences activities related to microbial pathogens of
Biological and Environmental Research Program.
6. The nuclear smuggling programs and activities within the
proliferation detection program of the non-proliferation and
verification research and development program.
7. The nuclear assessment program and activities of the assessment,
detection, and cooperation program of the international materials
protection and cooperation program, and the advanced scientific
computing research program and activities at Lawrence Livermore National
Laboratory.
8. National Infrastructure Simulation and Analysis Center
E. Former components of the Department of Health and Human Services:
1. The address for each component and program listed below is:
Department of Health and Human Services, Freedom of Information Officer,
Room 645-F, Hubert H. Humphrey Building, Independence Avenue, SW.,
Washington, DC 20201;
a. Metropolitan Medical Response System,
b. National Disaster Medical System, and
c. Office of Emergency Preparedness
d. Strategic National Stockpile
2. Centers for Disease Control and Agency for Toxic Substances and
Disease Registry, Attn: FOI Office, MS-D54, 1600 Clifton Road, NE.,
Atlanta, GA 30333.
F. Former components of the Department of Justice:
1. Immigration and Naturalization Service, Director, Freedom of
Information/Privacy Act Program, Department of Justice, 425 Eye Street,
NW., 2nd Floor, ULLICO Building, Washington, DC 20536 (for field
offices, consult your phone book).
2. The address for each component and program listed below is: Federal
Bureau of Investigation, Chief, FOIPA Section, 935 Pennsylvania Avenue,
NW., Department of Justice, Washington, DC 20535-0001;
a. National Infrastructure Protection Center,
b. National Domestic Preparedness Office, and
c. Domestic Emergency Support Team.
3. Office of Domestic Preparedness, U.S. Department of Justice, Office
of Justice Programs, Office of the General Counsel, Attention: FOIA
Staff, 810 7th Street, NW., Room 5400, Washington, DC 20531.
G. Former components of the Department of State:
Visa Office, Information and Privacy Coordinator, Office of Information
Resources, Management Programs and Services, A/RPS/IPS, SA-2,
Department of State, Washington, DC 20522-6001, Re: Freedom of
Information Act Request.
H. Former components of the Department of Transportation:
1. Federal Aviation Administration, National Freedom of Information Act
Staff, ARC-40, 800 Independence Avenue, SW., Washington, DC 20591
(for regional centers, consult your phone book).
2. Transportation Security Administration, TSA-1, FOIA Division, 400
Seventh Street, SW., Washington, DC 20590
3. United States Coast Guard, HQ USCG Commandant, G-CIM, 2100 Second
Street, SW., Washington, DC 20593-0001 (for district offices,
consult your phone book).
I. Former components of the Department of Treasury:
1. Federal Law Enforcement Training Center, Freedom of Information Act
Officer, Townhouse 389, Glynco, GA 31524
2. U.S. Customs Service, Freedom of Information Act Request, Mint Annex,
1300 Pennsylvania Avenue, NW., Washington, DC 20229 (for field
offices, consult your phone book).
3. U.S. Secret Service, Freedom of Information Act Request, 950 H
Street, NW., Suite 3000, Washington, DC 20223, e-mail
[email protected]. Appeals should be addressed to the Deputy
Director, United States Secret Service, Freedom of Information and
Privacy Act Appeal Officer, at these same contact points.
J. Federal Emergency Management Agency: Federal Emergency Management
Agency, Office of General Counsel, 500 C Street, SW., Room 840,
Washington, DC 20472 (for regional offices, consult your phone book).
K. Former components of the General Services Administration:
1. For the Federal Computer Incident Response Center and the Federal
Protective Service: Chief, FOIA Information Management Branch, GSA
(CAIM), 1800 F Street, NW., Washington, DC 20405 (for regional
offices, consult your phone book).
Appendix B to Part 5--Public Reading Rooms of the Department of Homeland
Security
The Headquarters components of the Department of Homeland Security do
not maintain a conventional public reading room. Records that are
required to be in the public reading room are available electronically
at http://www.dhs.gov/FOIA.
Entities that will transfer into the Department of Homeland Security
maintain public reading rooms as follows:
1. Former components of the Department of Agriculture:
Animal and Plant Health Inspection Service Library, 4700 River Road,
Riverdale, MD 20737-1232
Plum Island Animal Disease Center, the APHIS address above or, USDA-ARS,
5601 Sunnyside Avenue, Building 1, Room 2248, Beltsville, MD 20705-
5128
2. Former components of the Department of Commerce:
The Critical Infrastructure Assurance Office (A former office of the
Bureau of Industry and Security) does not maintain a conventional public
reading room. Records that are required to be in the public reading room
are available electronically at http://www.bis.doc.gov/FOIA/Default.htm
FIRESTAT (formerly the Integrated Hazard Information System of the
National Oceanic and Atmospheric Administration), NOAA Public Reference
Facility, 1305 East-West Highway (SSMC4), Room 8627, Silver Spring, MD
20910
3. Former components of the Department of Defense:
The National Communication Service (A former component of the Defense
Information Systems Agency) does not maintain a conventional public
reading room. Records that are required to be in the public reading room
are available electronically at http://disa.mil/gc/foia/foia.html
4. Former components and programs of the Department of Energy:
The address for each component and program listed below is: U.S.
Department of Energy; 1000 Independence Avenue, SW., Washington, DC
20585
Energy Assurance Office
Environmental Measurements Laboratory
Nuclear Incident Response Team
The chemical and biological national security and supporting programs
and activities of the non-proliferation and verification research and
development program.
The life sciences activities related to microbial pathogens of
Biological and Environmental Research Program.
The nuclear smuggling programs and activities within the proliferation
detection program of the non-proliferation and verification research and
development program.
The nuclear assessment program and activities of the assessment,
detection, and cooperation program of the international materials
protection and cooperation program, and the advanced scientific
computing research program and activities at Lawrence Livermore National
Laboratory.
The National Infrastructure Simulation and Analysis Center
5. Former components of the Department of Health and Human Services:
For the Metropolitan Medical Response System, the National Disaster
Medical System, and the Office of Emergency Preparedness please contact
the Freedom of Information Act Officer at: Department of Health and
Human Services, Freedom of Information Officer, Room 645-F, Hubert H.
Humphrey Building, Independence Avenue, SW., Washington, DC 20201
Strategic National Stockpile, Centers for Disease Control and Agency
for Toxic Substances and Disease Registry, 1600 Clifton Road, NE., Room
4103, Building 1, Atlanta, GA 30333
6. Former components of the Department of Justice:
Immigration and Naturalization Service, 111 Massachusetts Avenue, NW.,
2nd Floor, ULLICO Building, Washington, DC 20536
For the National Infrastructure Protection Center, the National
Domestic Preparedness Office, and the Domestic Emergency Support Team:
Federal Bureau of Investigation, 935 Pennsylvania Avenue, NW.,
Department of Justice, Washington, DC 20535-0001
Office of Domestic Preparedness, U.S. Department of Justice, Office of
Justice Programs, 810 7th Street, NW., Room 5430, Washington, DC 20531
7. Former components of the Department of State:
Visa Office, Department of State, 2201 C Street, NW., Washington, DC
20520
8. Former components of the Department of Transportation:
Federal Aviation Administration, 800 Independence Avenue, SW.,
Washington, DC 20591
Transportation Security Administration, 400 Seventh Street, SW.,
Washington, DC 20590
United States Coast Guard Headquarters, 2100 Second Street, SW.,
Washington, DC 20593-0001 (for district offices, consult your phone
book).
9. Former components of the Department of Treasury:
The Federal Law Enforcement Training Center does not maintain a
conventional public reading room. Records that are required to be in the
public reading room are available electronically at http://
www.fletc.gov/irm/foia/readingroom.htm
U.S. Customs Service, 1300 Pennsylvania Avenue, NW., Washington, DC
20229 (for a list of field office public reading rooms please consult 19
CFR 103.1).
U.S. Secret Service, Main Treasury, 1500 Pennsylvania Avenue, NW.,
Washington, DC 20220
10. Federal Emergency Management Agency:
Federal Emergency Management Agency, Federal Center Plaza, 500 C
Street, SW., Room 840 Washington, DC 20472 (for regional offices,
consult your phone book)
11. Former components of the General Services Administration:
For the Federal Computer Incident Response Center and the Federal
Protective Service: Central Office, GSA Headquarters, 1800 F Street,
NW., (CAI), Washington, DC 20405 (for regional offices, consult your
phone book)
DHS/TSA 014
System name:
Telecommunications Usage Detail Records.
Security classification:
Unclassified, sensitive.
System location:
Records are maintained in the Office of Information Technology at TSA
Headquarters in Arlington, Virginia and at various TSA field offices.
Categories of individuals covered by the system:
Employees and contractor personnel who use or are assigned government
telephones, cell phones, facsimile machines, computers connected to the
Internet, or other telecommunications equipment.
Categories of records in the system:
Records relating to the use of government telecommunications
equipment; records indicating assignment of telecommunications equipment
to individuals, which may include the individual's name, duty title,
address, social security number, assigned equipment identifying
information, and assigned phone number; and records relating to the
location of government telecommunications equipment.
Authority for maintenance of the system:
5 U.S.C. 301; 49 U.S.C. 114; E.O. 9397 (Social Security Number).
Purposes:
Records are maintained to facilitate the management of
telecommunications equipment, to prevent the misuse of government
resources, and to serve as the basis for appropriate disciplinary action
in the event government resources have been misused.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
(1) To contractors, grantees, experts, consultants, or volunteers when
necessary to perform a function or service related to this system of
records for which they have been engaged. Such recipients are required
to comply with the Privacy Act, 5 U.S.C. 552a, as amended.
(2) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency responsible for investigating,
prosecuting, enforcing, or implementing a statute, rule, regulation, or
order, where TSA becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulation.
(3) To the Department of Justice (DOJ) or other Federal agency
conducting litigation or in proceedings before any court, adjudicative
or administrative body, when: (a) TSA, or (b) any employee of TSA in
his/her official capacity, or (c) any employee of TSA in his/her
individual capacity where DOJ or TSA has agreed to represent the
employee, or (d) the United States or any agency thereof, is a party to
the litigation or has an interest in such litigation, and TSA determines
that the records are both relevant and necessary to the litigation and
the use of such records is compatible with the purpose for which TSA
collected the records.
(4) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(5) To the General Services Administration and the National Archives
and Records Administration in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(6) To the Department of Justice, United States Attorney's Office, or
other agency for debt collection action on any delinquent debt when
circumstances warrant.
(7) To respond to a Federal agency's request made in connection with
the hiring or retention of an employee, the letting of a contract, or
issuance of a grant, license or other benefit by the requesting agency,
but only to the extent that the information disclosed is relevant and
necessary to the requesting agency's decision on the matter.
(8) To a telecommunications company providing telecommunications
support to permit servicing of the account.
(9) To third parties during the course of an investigation into
violations or potential violations of relevant laws, regulations, or
policies to the extent necessary to obtain information pertinent to the
investigation.
Disclosures to consumer reporting agencies:
Pursuant to 5 U.S.C. 552a(b)(12), disclosures may be made from this
system to consumer reporting agencies collecting on behalf of the United
States Government.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records are stored in hard copy or in electronic format on a system
database.
Retrievability:
Records are retrieved by name, duty title, address, social security
number, equipment number, phone number, or other assigned identifier of
the individual on whom the records are maintained.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules, and policies. All records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. Control measures are enforced to ensure that
access to sensitive information in these records, such as Social
Security Numbers, is based on a ``need to know.''
Retention and disposal:
Records in this system will be retained in accordance with a schedule
to be approved by the National Archives and Records Administration.
System manager(s) and address:
Telecommunications Equipment Manager, Office of Information
Technology, TSA Headquarters, TSA-11, 601 S. 12th Street, Arlington, VA
22202-4220.
Notification procedure:
To determine whether this system contains records relating to you,
write to the System Manager identified above.
Record access procedure:
Same as ``Notification Procedure,'' above. Provide your full name and
a description of information that you seek, including the time frame
during which the record(s) may have been generated. Individuals
requesting access must comply with the Department of Homeland Security
Privacy Act regulations on verification of identity (6 CFR 5.21(d)).
Contesting record procedure:
Same as ``Notification Procedure'' and ``Record Access Procedure,''
above.
Record source categories:
Information contained in this system is obtained from employees and
contractor personnel who use or are assigned government
telecommunications equipment, telecommunications equipment assignment
lists, call detail log entries (which include but are not limited to
whom the call was made, from where the call was made, and call
duration), and the results of inquiries related to the assignment of
responsibility for the misuse of government telecommunications equipment
or the placement of unofficial calls or transmissions.
Exemptions claimed for the system:
None.
DHS/TSA 015
System name:
Registered Traveler (RT) Operations Files.
Security classification:
Classified, sensitive.
System location:
Records will be maintained at TSA Headquarters in Arlington, Virginia,
at other authorized TSA or DHS secure facilities as necessary, and at a
digital safe site managed by a government contractor.
Categories of individuals covered by the system:
(a) Individuals who voluntarily apply to participate in the RT Pilot
Program, who agree to provide personal information to TSA that may be
used as part of a security assessment, and who may or may not meet the
eligibility criteria as determined by TSA;
(b) Authorized Federal law enforcement officers (LEOs); and (c)
Individuals who participate in the Federal Flight Deck Officer (FFDO)
program.
Categories of records in the system:
Information in the system includes some or all of the following: Full
name, current home address, current home phone number, current cell
phone number (if applicable), social security number, date of birth,
place of birth, nationality, gender, prior home addresses, arrival date
in United States (non-U.S. citizens only), digital photo, reference
biometric (i.e., fingerprint(s), iris scan, facial geometry, hand
geometry, handwriting/signature, others), unique identification record
number, unique token or credential serial number, security assessments,
information pertaining to adjudication results, RT eligibility status,
token or credential issue date, token or credential expiration date,
information and data provided by Federal, State, and local government
agencies and foreign governments that is necessary to conduct a security
assessment to determine if an individual poses a potential threat to
aviation security. Authorized Federal LEOs may have a Federal LEO code
name and unique administrative code number.
Authority for maintenance of the system:
49 U.S.C. 114; Section 109(a)(3), Aviation and Transportation Security
Act (ATSA), Public Law 107-71.
Purpose(s):
The system utilized during the RT Pilot Program will facilitate the
development, testing, and administration of the RT concept, including
conducting security assessments on program applicants; additional
security assessments may or may not be conducted on authorized LEOs,
FFDOs, and other authorized government officials. The purpose of the RT
pilot program is to (1) pre-screen and positively identify volunteer
travelers using advanced identification technologies, including
biometrics, which may expedite the pre-boarding process for the traveler
and improve the allocation of TSA's security resources on individuals
who may pose a security threat; (2) prevent potential threats from
individuals who are impersonating Federal LEOs and seek to board
commercial aircraft while armed; (3) assist in the management and
tracking of the status of security assessments for applicants and those
deemed eligible for the Registered Traveler Pilot Program; (4) permit
the retrieval of the results of security assessments, including criminal
history records checks and searches in other governmental identification
systems, performed on the individuals covered by this system; (5) permit
the retrieval of information from other law enforcement and intelligence
databases on individuals covered by this system; and (6) identify
potential threats to transportation security, uphold and enforce the
law, and ensure public safety.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
(1) To the United States Department of Transportation, its operating
administrations, or the appropriate state or local agency when relevant
or necessary to (a) ensure safety and security in any mode of
transportation; (b) enforce safety and security related regulations and
requirements; (c) assess and distribute intelligence or law enforcement
information related to transportation security; (d) assess and respond
to threats to transportation; (e) oversee the implementation and ensure
the adequacy of security measures at airports and other transportation
facilities; (f) plan and coordinate any actions or activities that may
affect transportation safety and security or the operations of
transportation operators; or (g) the issuance, maintenance, or renewal
of a license, certificate, contract, grant, or other benefit.
(2) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency responsible for investigating,
prosecuting, enforcing, or implementing a statute, rule, regulation, or
order, where TSA becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulation.
(3) To contractors, grantees, experts, consultants, or volunteers when
necessary to perform a function or service related to this system of
records for which they have been engaged. Such recipients are required
to comply with the Privacy Act, 5 U.S.C. 552a, as amended.
(4) To airports and aircraft operators to the extent necessary to
identify Registered Travelers and ensure the proper ticketing, security
screening, and boarding of those passengers.
(5) To a Federal, State, local, tribal, territorial, foreign, or
international agency, in response to queries regarding persons who may
pose a risk to transportation or national security; a risk of air piracy
or terrorism or a threat to airline or passenger safety; or a threat to
aviation safety, civil aviation, or national security.
(6) To the Department of State and other Intelligence Community
agencies to further the mission of those agencies relating to persons
who may pose a risk to transportation or national security; a risk of
air piracy or terrorism or a threat to airline or passenger safety; a
threat to aviation safety, civil aviation, or national security.
(7) To international and foreign governmental authorities in
accordance with law and formal or informal international agreement.
(8) To authorized law enforcement and other government agencies, as
necessary, to conduct the security assessments and, if applicable, to
facilitate payment and accounting.
(9) To the Department of Justice in review, settlement, defense, and
prosecution of claims, complaints, and lawsuits involving matters over
which TSA exercises jurisdiction.
(10) To the DOJ or other Federal agency conducting litigation or in
proceedings before any court, adjudicative or administrative body, when:
(a) TSA, or (b) any employee of TSA in his/her official capacity, or (c)
any employee of TSA in his/her individual capacity where DOJ or TSA has
agreed to represent the employee, or (d) the United States or any agency
thereof, is a party to the litigation or has an interest in such
litigation, and TSA determines that the records are both relevant and
necessary to the litigation and the use of such records is compatible
with the purpose for which TSA collected the records.
(11) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(12) To the General Services Administration and the National Archives
and Records Administration in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(13) To the Attorney General of the United States or his/her official
designee, when information indicates that an individual meets any of the
disqualifications for receipt, possession, shipment, or transport of a
firearm under the Brady Handgun Violence Prevention Act. In case of a
dispute concerning the validity of the information provided by TSA to
the Attorney General, or his/her designee, it shall be a routine use of
the information in this system of records to furnish records or
information to the national Background Information Check System,
established by the Brady Handgun Violence Prevention Act, as may be
necessary to resolve such dispute.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records may be stored on magnetic disc, tape, digital media, CD-ROM,
bar code, magnetic stripe, optical memory stripe, disk, integrated
circuit chip, and/or other approved technologies and may also be
retained in hard copy format in secure file folders.
Retrievability:
Records may be retrieved by the applicant's name, unique
identification record number, or other unique administrative identifier;
paper records, where applicable, are retrieved alphabetically by name or
other unique administrative identifier.
Safeguards:
Information in this system is safeguarded in accordance with
applicable rules and policies, including any applicable TSA and DHS
automated systems security and access policies. The computer system from
which records could be accessed is policy and security based, meaning
access is limited to those individuals who require it to perform their
official duties. The system also maintains a real-time auditing function
of individuals who access the system. Classified information is
appropriately stored in a secured facility, secured databases, and
containers and in accordance with other applicable requirements,
including those pertaining to classified information.
Retention and disposal:
Records in this system will be retained in accordance with a schedule
to be approved by the National Archives and Records Administration.
System manager and address:
Registered Traveler Program Manager, Credentialing Program Office, TSA
Headquarters, TSA-19, East Tower, 601 S. 12th Street, Arlington, VA
22202-4220.
Notification procedure:
To determine if this system contains a record relating to you, write
to the system manager at the address indicated above and provide your
full name, current address, date of birth, place of birth, and a
description of information that you seek, including the time frame
during which the record(s) may have been generated. You may also provide
your Social Security Number or other unique identifier(s) but you are
not required to do so. Individuals requesting access must comply with
the Department of Homeland Security's Privacy Act regulations on
verification of identity (6 CFR 5.21(d)).
Record access procedure:
Same as ``notification procedure,'' above.
Contesting record procedure:
Same as ``notification procedure,'' above.
Record source categories:
Information contained in this system may be obtained from the RT
applicant, law enforcement and intelligence agency record systems,
government and commercial databases, military and National Guard
records, and other Department of Homeland Security systems.
Exemptions claimed for the system:
Portions of this system are exempt from 5 U.S.C. 552a(c)(3), (d),
(e)(1), (e)(4)(G), (H), and (I), and (f) pursuant to 5 U.S.C. 552a(k)(1)
and (k)(2).
Transportation Security Technology Testing System.
Security classification:
Unclassified.
System locations:
Records will be maintained at TSA Headquarters in Arlington, Virginia,
at various TSA field offices, at transportation facilities where
technology testing takes place, and at digital safe sites operated by
government contractors.
Categories of individuals covered by the system:
TSA employees, contractors, transportation workers, and other
individuals who participate in transportation security technology
testing programs.
Categories of records in the system:
Records may include (1) individual's name; (2) demographic data to
include age, gender, primary language spoken, and ethnicity; (3)
administrative identification codes; (4) systems identification codes;
(5) company, organization, or affiliation; (6) issue date and other
enrollment information; (7) physical descriptors, biometric data, and
digital photograph; (8) facility access level information; (9) job title
and function; (10) expiration date; and (11) access dates and times.
Authorities for maintenance of the system:
49 U.S.C. 114; 49 U.S.C. 44903; 49 U.S.C. 44912.
Purpose(s):
The records are maintained to document the research, development, and
testing of emerging transportation security technologies, to improve
access control into transportation facilities and modes of
transportation, to improve ticketing and baggage control for passengers
and crew, to improve cargo tracking capabilities, and to improve
transportation facility security plans.
(1) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency responsible for investigating,
prosecuting, enforcing, or implementing a statute, rule, regulation, or
order, where TSA becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulation.
(2) To TSA contractors, agents, grantees, experts, consultants, or other
like persons when necessary to perform a function or service related to
this system of records for which they have been engaged. Such recipients
are required to comply with the Privacy Act, 5 U.S.C. 552a, as amended.
(3) To airport operators, aircraft operators, and maritime and land
transportation operators about individuals who are their employees, job
applicants, or contractors, or persons to whom they issue identification
credentials or grant clearances or access to secured areas in
transportation facilities when relevant to such employment, application,
contract, the issuance of such credentials or clearances, or access to
such secure areas.
(4) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(5) To the Department of Justice (DOJ) or other Federal agency in the
review, settlement, defense, or prosecution of claims, complaints, and
law suits involving matters over which TSA exercises jurisdiction or
when conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) TSA, or (b) any employee
of TSA in his/her official capacity, or (c) any employee of TSA in his/
her individual capacity where DOJ or TSA has agreed to represent the
employee, or (d) the United States or any agency thereof, is a party to
the litigation or has an interest in such litigation, and TSA determines
that the records are both relevant and necessary to the litigation and
the use of such records is compatible with the purpose for which TSA
collected the records.
(6) To the National Archives and Records Administration or other
authorized Federal agency in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(7) To the United States Department of Transportation, its operating
administrations, or the appropriate state or local agency when relevant
or necessary to (a) ensure safety and security in any mode of
transportation; (b) enforce safety-and security-related regulations and
requirements; (c) assess and distribute intelligence or law enforcement
information related to transportation security; (d) assess and respond
to threats to transportation; (e) oversee the implementation and ensure
the adequacy of security measures at airports and other transportation
facilities; (f) plan and coordinate any actions or activities that may
affect transportation safety and security or the operations of
transportation operators; or (g) the issuance, maintenance, or renewal
of a license, certificate, contract, grant, or other benefit.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Paper, bar code, magnetic stripe, optical memory stripe, disk, video,
integrated circuit chip, and electronic media.
Retrievability:
Data records contained within bar codes, magnetic stripe, optical memory
stripe, disk, video, integrated circuit chip, and/or electronically
stored may be retrieved by employee name, unique card number, or other
personal identifier; paper records, where applicable, are retrieved
alphabetically by name.
Safeguards:
Information in this system is protected from unauthorized access through
appropriate administrative, physical and technical safeguards.
Unauthorized personnel are denied physical access to the location where
records are stored. For computerized records, safeguards are in
accordance with generally acceptable information security guidelines via
use of security codes, passwords, Personal Identification Numbers
(PINs), and other similar safeguards.
Retention and disposal:
Record disposition authority for these records is pending National
Archives and Records Administration approval.
System manager(s) and address:
Office of Security Technology and Chief Technology Officer, TSA
Headquarters, TSA-20, 601 S. 12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine if this system contains a record relating to you, write to
the system manager at the address indicated above and provide your full
name, current address, date of birth, place of birth, and a description
of information that you seek, including the time frame during which the
record(s) may have been generated. You may also provide your Social
Security Number or other unique identifier(s) but you are not required
to do so. Individuals requesting access must comply with the Department
of Homeland Security's Privacy Act regulations on verification of
identity (6 CFR 5.21(d)).
Record access procedure:
Same as ``notification procedure,'' above.
Contesting record procedure:
Same as ``notification procedure,'' above.
Record source categories:
TSA obtains information in this system from the individuals who are
covered by the system, their employers, or the participating
transportation facility.
Exemptions claimed for the system:
None.
Secure Flight Test Records.
Security classification:
Classified, sensitive.
System location:
Records are maintained at: the Office of Transportation Vetting and
Credentialing (OTVC), Transportation Security Administration (TSA),
Department of Homeland Security, P.O. Box 597, Annapolis Junction, MD
20701-0597; the OTVC assessment facility in Colorado Springs, Colorado;
and at EagleForce Associates, Inc., McLean, VA.
Categories of individuals covered by the system:
(a) Individuals traveling within the United States by passenger air
transportation on certain domestic flights completed in June 2004;
(b) Individuals identified in commercial data purchased and held by a
TSA contractor for purposes of comparing such data with the June 2004
Passenger Name Records and testing the Secure Flight program;
(c) Individuals known or reasonably suspected to be or have been engaged
in conduct constituting, in preparation for, in aid of, or related to
terrorism.
Categories of records in the system:
(a) Passenger Name Records (PNRs) for certain passenger air
transportation flights completed in June 2004 provided by aircraft
operators in response to the Transportation Security Administration
Order issued November 15, 2004 (69 FR 65625), (the June 2004 PNRs), the
specific contents of which often vary by aircraft operator;
(b) Information obtained from the Terrorist Screening Center about
individuals known or reasonably suspected to be or to have been engaged
in conduct constituting, in preparation for, in aid of, or related to
terrorism;
(c) Authentication scores and codes obtained from commercial data
providers;
(d) PNRs that were enhanced with certain fields of information obtained
from commercial data--full name, address, date of birth, gender--and
that were provided to TSA for purposes of testing the Secure Flight
program;
(e) Commercial data purchased and held by a TSA contractor for purposes
of comparing such data with June 2004 PNRs and testing the Secure Flight
program;
(f) Results of comparisons of individuals identified in PNRs to watch
lists obtained from the Terrorist Screening Center.
Authority for maintenance of the system:
49 U.S.C. 114, 44901, and 44903.
Purpose(s):
The system will be used to test the Secure Flight program. The purpose
of the program is to enhance the security of domestic air travel by
identifying passengers who warrant further scrutiny prior to boarding an
aircraft. The purposes of testing the Secure Flight program are: (1) To
test the Government's ability to process and compare passenger
information against terrorist watch list information held by the
Terrorist Screening Center (TSC) in the Terrorist Screening Database
(TSDB); (2) to test the Government's ability to operate a streamlined
version of the rule set used under the existing computer-assisted
passenger prescreening system (CAPPS) currently used by aircraft
operators; and (3) to test the Government's ability to verify the
identities of passengers using commercial data and to improve the
efficacy of watch list comparisons by making passenger information more
complete and accurate using commercial data. For more detail on the
purposes and conduct of the Secure Flight testing, please see the
revised PIA for the Secure Flight Test Phase, which is published below.
(1) To the Federal Bureau of Investigation where TSA becomes aware of
information that may be related to an individual identified in the
Terrorist Screening Database as known or reasonably suspected to be or
having been engaged in conduct constituting, in preparation for, in aid
of, or related to terrorism.
(2) To contractors, grantees, experts, consultants, or other like
persons when necessary to perform a function or service related to the
Secure Flight program or the system of records for which they have been
engaged. Such recipients are required to comply with the Privacy Act, 5
U.S.C. 552a, as amended.
(3) To the Department of Justice (DOJ) or other Federal agency in the
review, settlement, defense, and prosecution of claims, complaints, and
lawsuits involving matters over which TSA exercises jurisdiction or when
conducting litigation or in proceedings before any court, adjudicative
or administrative body, when: (a) TSA; or (b) any employee of TSA in
his/her official capacity; or (c) any employee of TSA in his/her
individual capacity, where DOJ or TSA has agreed to represent the
employee; or (d) the United States or any agency thereof, is a party to
the litigation or has an interest in such litigation, and TSA determines
that the records are both relevant and necessary to the litigation and
the use of such records is compatible with the purpose for which TSA
collected the records.
(4) To the National Archives and Records Administration (NARA) or other
Federal agencies pursuant to records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(5) To a Congressional office from the record of an individual in
response to an inquiry from that Congressional office made at the
request of the individual.
(6) To an agency, organization, or individual for the purposes of
performing authorized audit or oversight operations.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing, Retaining and
Disposing of records in the system:
Storage:
Records are stored electronically in a secure facility at the Office of
Transportation Vetting and Credentialing (OTVC), Transportation Security
Administration (TSA), Department of Homeland Security, P.O. Box 597,
Annapolis Junction, MD 20701-0597; the OTVC assessment facility in
Colorado Springs, Colorado; and at EagleForce, Inc., McLean, VA. The
records are stored on magnetic disc, tape, digital media, and CD-ROM,
and may also be retained in hard copy format in secure file folders.
Retrievability:
Data are retrievable by the individual's name or other identifier, as
well as non-identifying information.
Safeguards:
Information in this system is safeguarded in accordance with applicable
rules and policies, including any applicable OTVC, TSA, and DHS
automated systems security and access policies. Access to computer
systems containing the records in this system of records is limited and
can be accessed only by those individuals who require it to perform
their official duties. Safeguards also include a real time auditing
function of individuals who access computer systems containing the
records in this system of records. Classified information, if any, will
be appropriately stored in a secured facility, in secured databases and
containers, and in accordance with other applicable requirements,
including those pertaining to classified information.
Retention and disposal:
TSA has determined that the records contained in the Secure Flight Test
records system are covered by NARA General Records Schedule (GRS) 20,
which applies to electronic records. It covers electronic files or
records created solely to test system performance, as well as hard-copy
printouts and related documentation for the electronic files/records.
Under GRS 20, an agency may delete or destroy such records when the
agency determines that they are no longer needed for administrative,
legal, audit, or other operational purposes. In accordance with GRS 20,
TSA has destroyed certain copies of the original PNRs provided by the
air carriers. In addition, in accordance with applicable law, TSA plans
to direct and document the destruction of the remaining PNRs and
commercial data in its possession or in the possession of EagleForce as
testing activities and analyses are completed.
System manager(s) and address:
Assistant Administrator, Secure Flight/Registered Traveler,
Transportation Security Administration, P.O. Box 597, Annapolis
Junction, MD 20701-0597.
Notification procedure:
See ``Record Access Procedure''.
Record Access Procedure:
DHS has determined that all persons may request access to information
about them contained in the system by sending a written request to the
TSA Privacy Officer, Transportation Security Administration (TSA-9), 601
South 12th Street, Arlington, VA 22202.
To the extent permitted by law, such access will be granted. Individuals
requesting access must comply with the Department of Homeland Security
Privacy Act regulations on verification of identity (6 CFR 5.21(d)).
Individuals must submit their full name, current address, and date and
place of birth. Individuals must sign the request and the signature must
either be notarized or submitted under 28 U.S.C. 1746, a law that
permits statements to be made under penalty of perjury as a substitute
for notarization.
Exemptions claimed for the system:
None.
2. The complete revised PIA follows:
Secure Flight Test Phase Privacy Impact Assessment
I. Introduction
Pursuant to the authority granted by the Aviation and Transportation
Security Act of 2001 (ATSA) and section 4012(a)(1) of the Intelligence
Reform and Terrorism Prevention Act of 2004 (IRTPA) (Pub. L. 108-458,
118 Stat. 3638, Dec. 17, 2004), TSA is developing a new program for
screening domestic airline passengers in order to enhance the security
and safety of domestic airline travel. Under this program, Secure
Flight, the Transportation Security Administration (TSA) will assume
from air carriers the function of conducting pre-flight comparisons of
airline passenger information to the expanded and consolidated watch
lists held in the Terrorist Screening Database (TSDB) maintained by the
Terrorist Screening Center (TSC).\1\ On November 15, 2004, TSA issued an
order directing U.S. aircraft operators to provide to TSA, by November
23, 2004, a limited set of historical passenger name records (PNRs) for
testing of the Secure Flight program.
\1\ The Terrorist Screening Center (TSC), established in December 2003,
maintains a consolidated, comprehensive watch list of known or suspected
terrorists. This database can be used by Government agencies in screening
processes to identify individuals known to pose or are suspected of posing
a risk to the security of the United States.
Because the test involves existing watch lists that are being
consolidated and expanded in the TSC, the E-Government Act of 2002
requires that a Privacy Impact Assessment (PIA) be conducted. The
previously published PIA is being clarified and expanded to reflect more
closely actual experience as the testing program has been conducted,
refined and modified since September 2004. After the testing has been
concluded and the results analyzed, TSA will update the PIA as necessary
prior to actual implementation of the Secure Flight program.
System Overview
What information is to be collected and used for testing Secure
Flight?
In order to conduct testing, TSA obtained historic PNRs for individuals
who completed domestic flight segments during the month of June 2004.
PNR varies according to airline, but generally includes the following
information fields: Full name, contact phone number, mailing address and
travel itinerary. Also for purposes of the test, a TSA contractor,
EagleForce Associates, Inc. (EagleForce), obtained commercial data from
three commercial data aggregators. EagleForce contracted with each
commercial data aggregator to identify records in its data bases
associated with names in a sample set of PNRs and provide such records
to EagleForce, but to provide only certain data elements associated with
the names. Specifically, EagleForce requested the following data
elements: First name; last name; middle name; home address; home phone
number; date of birth; name suffix; second surname; spouse first name;
gender; second address; third address; plus-four portion of Zip code;
address type (residence, business, or mailing address); latitude of
address; and longitude of address. In some cases the commercial data
aggregators provided information that EagleForce did not request, such
as social security numbers, due to the way the commercial data
aggregators packaged their product. Although EagleForce loaded the
commercial data provided by the commercial data aggregators onto a
database, EagleForce has not queried or used any of the data elements
that the commercial data aggregators provided over and above the
specific data elements that EagleForce had specifically requested.
Why is the information being collected and who will be affected
by the collection of the data?
TSA collected the information described above to test the Secure Flight
program, the purpose of which is to enhance the security of domestic air
travel by identifying only those passengers who warrant further
scrutiny. TSA's test of the Secure Flight program has three objectives.
The first objective is to test the Government's ability to process and
compare passenger information against terrorist watch list information
held by the TSC in the TSDB. The second objective is to test the
Government's ability to operate a streamlined version of the rule set
used under the existing computer-assisted passenger prescreening system
(CAPPS) currently used by aircraft operators. The third objective is to
test the Government's ability to verify the identities of passengers
using commercial data and to improve the efficacy of watch list
comparisons by making passenger information more complete and accurate
using commercial data to enhance PNRs with elements such as full name,
address, date of birth, and gender. TSA, through its contractor IBM, has
compared the PNR with data maintained in the TSDB regarding individuals
known or reasonably suspected to be or have been engaged in conduct
constituting, in preparation for, in aid of, or related to terrorism.
TSA is continuing watch list match testing through it contractor, Mitre,
using the original PNRs provided by the air carriers. TSA also continues
to conduct internal system testing of the watch list matching processes
through Mitre and IBM.
To prepare for the commercial data test, two statistically significant
samples of the PNR data were extracted. One sample consisted of
approximately 17,000 PNRs representing a cross section of air carriers
and indicative of a typical PNR. A second sample was also developed that
consisted of approximately 24,000 PNRs that contained dates of birth.
The sample data sets, which represent PNRs from eight U.S. air carriers,
were stored on CD-ROMs. These data sets are used to perform watch list
match testing in connection with the first objective of the program
described above.
In addition, TSA hand delivered duplicates of the CD-ROMs containing the
two sample PNR data sets to EagleForce. TSA also provided to EagleForce
unparsed copies of other electronically stored June 2004 PNR data from
the air carriers whose PNRs were included in the representative samples.
In preparing for the commercial test, for each of the approximately
42,000 names in the two sample sets of PNRs, EagleForce created up to
twenty variations of a person's first and last names. Accordingly,
EagleForce generated approximately 240,000 name variations derived from
the approximately 42,000 names in the sample data sets. The original PIA
and system of records notice did not discuss this process, because TSA
had not developed its test plan with this level of detail at the time
the documents were published.
EagleForce submitted the original names and name variations to three
commercial data aggregators: Insight America, Acxiom, and Qsent. Upon
receipt of the information provided by the commercial data aggregators,
EagleForce loaded the records into a database. In order to accomplish
the third test objective identified above, Secure Flight undertook two
steps. First, EagleForce compared information in the sample PNRs with
certain data elements contained in the information in the commercial
data records to attempt to identify instances when the data in the PNRs
was incorrect or inaccurate. In the course of this activity, EagleForce
used only those data elements that it had asked the commercial data
aggregators to provide. EagleForce did not use any of the data elements
that the commercial data aggregators had provided beyond the specific
data elements that EagleForce had specifically requested.
Second, to further test accuracy through verification testing,
EagleForce used certain records obtained from the three commercial data
aggregators to enhance the sample PNR data in cases where PNRs were
missing data. If a PNR in the sample data did not have complete
information on a subject's full name, date of birth, address, gender, or
one of the other categories of data that EagleForce specifically
requested from the commercial data aggregators, EagleForce attempted to
incorporate that data from the commercial data records, thereby
``enhancing'' the PNRs with these specific elements. However, EagleForce
did not use the following data elements to enhance PNRs: spouse first
name; latitude of address; and longitude of address. EagleForce then
produced CD-ROMs containing the PNRs enhanced with the additional data
elements and provided those CD-ROMs to TSA for use in watch list match
testing. TSA currently retains the CD-ROMs containing the enhanced PNRs
and stores these CD-ROMS when they are not in use in a controlled access
safe. TSA provided for a limited period of time the CD-ROMs containing
the enhanced PNRs to employees of TSA's contractor charged with
conducting watch list testing (IBM), to determine whether using
commercial data to enhance passenger information could lower the number
of instances in which a person appears to be a match to the TSDB, but is
not (a false positive) or appears not to be a match, but in fact is (a
false negative).
The categories of individuals covered by the data collection are:
individuals who traveled within the United States during June 2004 by
passenger air transportation and whose PNRs were provided by aircraft
operators in response to the Transportation Security Administration
Order issued November 15, 2004 (69 FR 65625); individuals identified in
commercial data purchased and held by a TSA contractor for purposes of
testing the Secure Flight program; and individuals known or reasonably
suspected to be or have been engaged in conduct constituting, in
preparation for, in aid of, or related to terrorism.
TSA has not and will not use the results of its testing for any purpose
other than analysis of the efficacy of the program unless there is an
indication during the testing of terrorist or possible terrorist
activity. In such a case, appropriate action will be taken, which may
include providing information in the system of records to relevant law
enforcement agencies. To date no such action has been warranted.
What notice or opportunities for consent are provided to
individuals regarding the information that is collected and shared?
The original Privacy Act System of Records Notice and PIA, as well as
the revised versions of each document, provide notice of the scope,
purposes, and effect of the test phase of the Secure Flight program.
Because the test phase uses historical PNR from the month of June 2004
for flights that were completed by the end of that month, as well as
data residing in commercial databases that already had been collected
prior to the test, the notice given did not afford the opportunity for
these individuals to provide consent in advance of this collection.
Nevertheless, Secure Flight has been the subject of Congressional
testimony, public statements by TSA officials, and numerous media
reports that convey additional notice, including information that
appears on the TSA Web site at http://www.tsa.gov/public/.
The information collected has been shared with TSA employees and
contractors who have a ``need to know'' in order to conduct the required
test comparisons. All TSA contractors involved in the testing of Secure
Flight are contractually and legally obligated to comply with the
Privacy Act in their handling, use and dissemination of personal
information in the same manner as TSA employees.
If a comparison using the test data indicates that an individual is
suspected of terrorism, TSA will refer the information to appropriate
law enforcement personnel for further action. Referrals will only occur,
however, in this limited circumstance because the basic purpose of this
information collection is to test the Secure Flight program. To date, no
such referrals have been warranted.
What security protocols are in place to protect the
information?
TSA has employed data security controls, developed with the TSA Privacy
Officer, to protect the data used for Secure Flight testing activities.
Information in TSA's record systems is safeguarded in accordance with
the Federal Information Security Management Act of 2002 (Pub. L. 107-
347), which established Government-wide computer security and training
standards for all persons associated with the management and operation
of Federal computer systems. The systems on which the tests are or have
been conducted were assessed for security risks, have implemented
security policies and plans consistent with statutory, regulatory and
internal DHS guidance.
Prior to accepting custody of the PNR data, TSA established chain-of-
custody procedures for the receipt, handling, safeguarding, and tracking
of access to the PNR data and TSA maintained the data at its secure
facility in Annapolis Junction, Maryland. Access to the data was limited
to individuals with a need for access in order to conduct testing
activities.
Records of transmission of PNR data to EagleForce were maintained by
TSA's security officers. EagleForce had measures in place to control
access and handling of PNR data. In addition, EagleForce employees
completed training for handling sensitive information and entered into
non-disclosure agreements covering all data provided by the Government
for use during the test. Copies of these agreements are maintained by
TSA's security office.
TSA and its contractors maintain the PNRs and the limited commercial
data collected for the test in a secure facility on electronic media and
in hard copy format. The information is protected in accordance with
rules and policies established by both TSA and DHS for automated systems
and for hard copy storage, including password protection and secure file
cabinets. Moreover, access is strictly controlled; only TSA employees
and contractors with proper security credentials and passwords will have
permission to use this information to conduct the required tests, on a
need-to-know basis. Additionally, a real time audit function is part of
this record system to track who accesses the information resident on
electronic systems during testing. Any infractions of information
security rules will be dealt with severely. None has occurred to date.
All TSA and assigned contractor staff receive DHS-mandated privacy
training on the use and disclosure of personal data. The procedures and
policies that are in place are intended to ensure that no unauthorized
access to records occurs and that operational safeguards are firmly in
place to prevent system abuses.
Does this program create a new system of records under the
Privacy Act?
On September 24, 2004, TSA established a new Privacy Act system of
records, known as the Secure Flight Test Records system of records, DHS/
TSA 017, for purposes of Secure Flight testing activities (69 FR 57345).
TSA has amended and supplemented that system of records to clarify the
original system of records notice with additional detail on the Secure
Flight testing activities.
What is the intended use of the information?
The information collected by TSA and TSA contractors has been and will
be used solely for the purpose of testing the Secure Flight program, as
described in this PIA, and will be maintained in a Privacy Act system of
records in accordance with the published system of records notice for
DHS/TSA 017.
Will the information be retained and, if so, for what period of
time?
TSA has determined that the records contained in the Secure Flight Test
Records system are covered by NARA General Records Schedule (GRS) 20,
which applies to electronic records. It covers electronic files or
records created solely to test system performance, as well as hard-copy
printouts and related documentation for the electronic files/records.
Under GRS 20, an agency may delete or destroy such records when the
agency determines that they are no longer needed for administrative,
legal, audit, or other operational purposes. In accordance with GRS 20,
TSA has destroyed certain copies of the original PNRs provided by the
air carriers. In addition, TSA, in accordance with applicable law, plans
to direct the destruction of the remaining PNRs and commercial data in
its possession or in the possession of EagleForce as testing activities
and analyses are completed.
How will the passenger be able to seek redress?
During the test phase individuals may request access to information
about themselves contained in the PNR subject to Secure Flight test
phase by sending a written request to TSA. To the extent permitted by
law, access will be granted. If an individual wishes to contest or amend
the records received in this manner, he or she may do so by sending that
request to TSA. The request should conform to DHS requirements for
contesting or amending Privacy Act records, and should be sent TSA
Privacy Officer, Transportation Security Administration (TSA-9), 601
South 12th Street, Arlington, VA 22202. Before implementing a final
program, however, TSA will create a robust redress mechanism to resolve
disputes concerning the Secure Flight program.
What databases will the names be compared to?
TSA has compared the names against the TSDB, which is a consolidated,
comprehensive watch list of known or suspected terrorists. This database
can be used by Government agencies in screening processes to identify
individuals known to pose or are suspected of posing a risk to the
security of the United States. This consolidated database contains
information contributed by the Departments of Homeland Security,
Justice, and State and by the intelligence community. Because
information related to terrorists is consolidated in the TSDB, TSA
believes that the TSDB provides the most effective and secure system
against which to run airline passenger names for purposes of identifying
whether or not they are known or reasonably suspected to be engaged in
terrorism or terrorist activity. TSA's contractor has compared names
with information provided by commercial data aggregators to identify
commercial data records from which to enhance PNRs for purposes of the
Secure Flight test.
Privacy Effects and Mitigation Measures.
The decision to initiate Secure Flight followed completion of a thorough
review of the TSA's next generation passenger prescreening program and
the mandate of section 4012(a)(1) of the IRTPA.
Testing has been and continues to be governed by strict privacy and data
security protections. TSA will defer any decision on how commercial data
might be used in its prescreening programs, as Secure Flight, until the
completion of the test period, assessment of the test results and
publication of a subsequent System of Records Notice under the Privacy
Act announcing the intended use of such commercial data.
TSA has taken action to mitigate privacy risk by designing its test
activities to address concerns expressed by privacy advocates, foreign
counterparts and others. Under the Secure Flight testing phase, TSA did
not require air carriers to collect any additional information from
their passengers than was already collected by such carriers and
maintained in passenger name records. TSA has adopted and carried out
stringent data security and privacy protections, including contractual
prohibitions on commercial entities' maintenance or use of airline-
provided PNR information for any purposes other than testing under TSA
parameters; real time auditing procedures to determine when data within
the Secure Flight system has been accessed and by whom; and strict rules
prohibiting the accessing or use of commercial data by TSA employees.
TSA will assess test results prior to any operational use of commercial
data in TSA programs to determine whether its use is effective in
verifying passenger identity or enhancing watch list comparisons,
justifies the associated costs, does not result in disparate treatment
of any class of individuals, and that data security protections and
privacy protections are robust and effective.
TSA also recognizes that there is a privacy risk inherent in the design
of any new system which could result from design mistakes. By testing
the proposed Secure Flight program, TSA has had the opportunity to
modify the program design in ways to enhance protection of individuals'
privacy interests before the program becomes fully operational, ensuring
a better program. TSA is purposely testing the Secure Flight system and
will be carefully scrutinizing the performance of the system during the
test phase--and conducting further analysis upon completion--to
determine the effectiveness of Secure Flight both for passenger
prescreening as well as for protecting the privacy of the data on which
the program is based. By following strict rules for oversight and
training of personnel handling the data as well as strong system
auditing to detect potential abuse and a carefully planned and executed
redress process, TSA will continue to ensure that privacy is an integral
part of the program once it becomes operational, as it has been during
testing. TSA's efforts have been and continue to be thoroughly examined
internally, including review by the TSA Privacy Officer and the DHS
Chief Privacy Officer. In this process, TSA will carefully review
constructive feedback it receives from the public on this important
program.
Safety Information System (SIS).
Security classification:
Unclassified.
System locations:
TSA's Information Technology contractor maintains and stores official
records in electronic form on secure servers at their office locations.
TSA occupational safety and health personnel may access the official
records from their individual workstations at TSA field locations or
Headquarters offices at 601 South 12th Street, Arlington, VA 22202-4220.
Categories of individuals covered by the system:
TSA employees and contractors under direct supervision of TSA, who are
involved in or report an incident resulting in an occupationally-caused
injury, illness, or death; employees and contractors involved in or
reporting incidents not resulting in, but having the potential to have
caused damage, injury, or death; employees and contractors (or their
survivors) who file a claim for benefits under the Federal Employees'
Compensation Act; and employees and contractors who report unsafe or
unhealthful working conditions.
Categories of records in the system:
Records may include: Reports of occupational injuries and illnesses;
workers' compensation claims information filed by, or on behalf of,
injured employees or contractors; medical bill payment records; notes of
telephone conversations conducted in connection with claims; general
information relating to the status of vocational and/or medical
rehabilitation. Specific data elements may include personally
identifying information, such as: Name, Social Security Number, birth
date, gender, home address, occupation, and salary (for employees of the
Department only); date and location of the incident; and information
received from various investigative agencies.
Authorities for maintenance of the system:
5 U.S.C. 301, 7902; 29 U.S.C. 651 et seq.; 49 U.S.C. 114; E.O. 12196 (45
FR 12769, Feb. 27, 1980), 3 CFR, 1980 Comp., p. 145; 29 CFR part 1960.
Purpose(s):
TSA will use this system to:
(1) Provide an information source for compliance with the Occupational
Safety and Health Act and other legal requirements;
(2) Provide a documented record of job-related incidents, injuries, and
illnesses for measuring safety and health programs' effectiveness;
(3) Provide summary data of accident, injury, and illness information to
TSA and DHS management in a number of formats for analytical purposes in
establishing programs to reduce or eliminate loss producing hazards or
conditions; and
(4) Use as a reference when adjudicating tort and employee claims.
TSA will use the summary data of occupational injuries or illnesses
maintained in this system for analytical purposes to improve TSA's
accident prevention policies, procedures, standards, and operations, as
well as ensure internal data quality assurance.
(1) To the appropriate Federal, State, local, tribal, territorial,
foreign, or international agency responsible for investigating,
prosecuting, enforcing, or implementing a statute, rule, regulation, or
order, where TSA becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulation.
(2) To contractors, grantees, experts, consultants, or other like
persons, when necessary, to perform a function or service related to
this system of records for which they have been engaged. Such recipients
are required to comply with the Privacy Act, 5 U.S.C. 552a, as amended.
(3) To a Federal, State, local, tribal, territorial, foreign, or
international agency, where such agency has requested information
relevant or necessary for the hiring or retention of an individual, or
the issuance of a security clearance, license, contract, grant, or other
benefit.
(4) To a Federal, State, local, tribal, territorial, foreign, or
international agency, if necessary, to obtain information relevant to a
TSA decision concerning the hiring or retention of an employee, the
issuance of a security clearance, license, contract, grant, or other
benefit.
(5) To third parties during the course of an investigation into any
matter associated with an occupationally-related accident, injury, or
illness, to the extent necessary to obtain information pertinent to the
investigation.
(6) To the Department of Justice (DOJ) or other Federal agency for
purposes of conducting litigation or proceedings before any court,
adjudicative or administrative body, when (a) DHS, or (b) any employee
of DHS in his/her official capacity, or (c) any employee of DHS in his/
her individual capacity where DOJ or DHS has agreed to represent the
employee, or (d) the United States or any agency thereof, is a party to
the litigation or proceeding, or has an interest in such litigation or
proceeding.
(7) To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(8) To the National Archives and Records Administration or other
appropriate Federal agency, in records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(9) To any agency or instrumentality charged under applicable law with
the protection of the public health or safety under exigent
circumstances where the public health or safety is at risk.
(10) To the Department of Justice, United States Attorney's Office, or
other appropriate Federal agency for further collection action on any
delinquent debt when circumstances warrant, or to a debt collection
agency for the purpose of debt collection.
(11) To prepare periodic statistical reports on employees' health and
injury status for transmission to and review by the Department of Labor;
(12) To the Secretary of Labor or an authorized representative under
duly promulgated regulations;
(13) To the Office of Personnel Management, Merit Systems Protection
Board, Equal Employment Opportunity Commission, and/or similar agencies
as required to litigate or otherwise process individual claims;
(14) To physicians, the Department of Labor, various state departments
of labor and industry groups, and contractors who use information to:
(a) Ascertain suitability of an employee for job assignments with regard
to health (b) provide benefits under Federal programs or contracts, and
(c) maintain a record of occupational injuries or illnesses and the
performance of regular diagnostic and treatment services to patients.
(15) To doctors, pharmacies, and other health care providers for the
purpose of treating the injured party investigating the claim,
conducting medical examinations, physical rehabilitation or other
services, or obtaining medical evaluations.
(16) To public or private rehabilitation agencies to whom the injured
party has been referred for vocational rehabilitation services so that
they may properly evaluate the injured party's experience, physical
limitations and future employment capabilities.
(17) To Federal, state, and local agencies conducting similar or related
investigations to verify whether prohibited dual benefits were provided,
whether benefits have been or are being paid properly, including whether
dual benefits prohibited by Federal law are being paid; and salary
offset and debt collection procedures including those actions required
by the Debt Collection Act of 1982.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Contractors maintain and store official records in electronic form in
the system location office. Employees or contractors designated to enter
and access data create and update the information on their individual
workstations, and make it accessible to TSA occupational safety and
health personnel.
Retrievability:
Personnel may retrieve data records electronically stored by employee
name, social security number or other personal identifier, or case
number; and paper records, where applicable, by case number or
alphabetically by name. TSA field offices will access and retrieve
information maintained in the system pertaining only to employees under
their supervision. TSA Headquarters personnel responsible for
administration of the Occupational Safety and Health program will have
access to SIS data.
Safeguards:
Information in this system is protected from unauthorized access through
appropriate administrative, physical, and technical safeguards.
Unauthorized personnel are denied physical access to the location where
records are stored. For computerized records, safeguards are in
accordance with generally acceptable information security guidelines via
use of security codes, passwords, Personal Identification Numbers
(PINs), and other similar safeguards.
Retention and disposal:
Employee case files are destroyed when 30 years old in accordance with
TSA Records Schedule 2400 et seq. Computer files are deleted after the
expiration of the retention period authorized for the disposal of the
hard copy file or when no longer needed, whichever is later.
System manager(s) and address:
Director, Occupational Safety, Health, and Environment, Office of
Administration, TSA-17, 701 South 12th Street, Arlington, VA 22202-4220.
Notification procedure:
To determine if this system contains a record relating to you, write to
the system manager at the address indicated above and provide your full
name, current address, date of birth, place of birth, and a description
of information that you seek, including the time frame during which the
record(s) may have been generated. You may also provide your social
security number or other unique identifier(s), but you are not required
to do so. Individuals requesting access must comply with the Department
of Homeland Security's Privacy Act regulations on verification of
identity (6 CFR 5.21(d)).
Record access procedure:
Same as ``Notification procedure'' above.
Contesting record procedure:
Same as ``Notification procedure'' above.
Record source categories:
(1) The individual or their representative;
(2) Their dependents;
(3) Witnesses;
(4) Employing agency;
(5) Medical personnel and institutions;
(6) Departmental Records;
(7) Office of Workers' Compensation Program;
(8) Office of Personnel Management;
(9) State and Federal records;
(10) Motor Vehicle Accident Reports (SF-91); and
(11) Excerpts of police reports, witness statements, and general
correspondence.
Exemptions claimed for the system:
None.
Department of Homeland Security (DHS), United States Visitor and
Immigration Status Indicator Technology, Automated Identification
Management System (AIDMS).
System location:
The primary AIDMS records database is located at the DHS Data Center in
Ashburn, Virginia. AIDMS interfaces, RFID tag readers, and other
supporting components are located at U.S. land border Ports of Entry
(POE).
Categories of individuals covered by the system:
Individuals covered by the system (``covered individuals'') consist of
aliens as that term is defined in section 101(a)(3) of the Immigration
and Nationality Act (INA): any person not a citizen or national of the
United States.
Categories of records in the system:
The AIDMS maintains four general categories of records: Traveler (i.e.,
covered individual) identification information, RFID tag related
information, RFID tag read event information, and border crossing
history information.
1. Traveler identification information includes the AIDMS unique
traveler identification number (i.e., the traveler's RFID tag number);
and data received from the TECS database within Customs and Border
Protection (CBP). The data received from TECS was collected as part of
the form I-94 and form I-94W issuance process and may include: The
traveler's complete name; date of birth; and travel document type (e.g.,
visa), number, date, and country of issuance.
2. RFID tag related information encompasses data collected about the
issuance and status and may include: RFID tag number; status (e.g.,
active, returned, seized, lost or stolen, damaged, location, date/time,
identification number of the CBP officer responsible for the
transaction).
3. RFID tag read event information is transactional data associated with
the reading of an RFID tag and may include: RFID tag number associated
with a read event; transaction identification numbers; type, date/time
and location of a read event; direction of border crossing (entry or
exit); and equipment identification numbers involved in the read event.
4. Border crossing history information consists of the composition of
information from the other three categories of information into a border
crossing event that is communicated to other DHS systems which support
the US-VISIT Program, such as TECS and the Arrival and Departure
Information System (ADIS).
Authority for maintenance of the system:
8 U.S.C. 1187, 1221, 1722, 1731.
Purpose (s) of the System:
The AIDMS system will provide the capability to automatically,
passively, and remotely record the entry and exit of covered individuals
using Radio Frequency Identification (RFID) tags. The RFID tag will be
embedded in the I-94 Arrival/Departure forms, and will use a unique ID
number embedded in the tag to associate the data on the form I-94 with
the tag. After the tag-enabled form I-94 is issued to an individual, the
ID number will be used as a pointer to the individual's biographic
information located in the TECS database maintained by CBP. Biometric
information, if applicable, is contained in the Automated Biometric
Identification System (IDENT) maintained by US-VISIT. When the
individual passes through the entry and exit lanes of a POE, the ID
number will be read and used to retrieve the individual's immigration
information for use in the entry and exit inspection processes by CBP
officers.
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To appropriate government agencies or organizations (regardless of
whether they are Federal, state, local, foreign, or tribal), lawfully
engaged in collecting law enforcement (whether civil, criminal, or
administrative) or intelligence information and/or charged with
investigating, prosecuting, enforcing, or implementing civil and/or
criminal laws, related rules, regulations, or orders, to enable these
entities to carry out their law enforcement and intelligence
responsibilities.
B. In a proceeding before a court, grand jury, or adjudicative body when
records are determined by the Department of Homeland Security to be
arguably relevant to the proceeding where any of the following is a
party: (1) The DHS, or any DHS component, or subdivision thereof; (2)
any DHS employee in his or her official capacity; (3) any DHS employee
in his or her individual capacity when the DHS has agreed to represent
the employee or has authorized a private attorney to represent him or
her; and (4) the United States, where the DHS or its components are
likely to be affected.
C. To a Member of Congress or staff acting on the Member's behalf when
the Member or staff requests the information on behalf of and at the
request of the individual who is the subject of the record.
D. To the National Archives and Records Administration or other Federal
government agencies in records management inspections conducted under
the authority of 44 U.S.C. 2904 and 2906.
E. To the news media and the public when there exists a legitimate
public interest in the disclosure of the information or when disclosure
is necessary to preserve confidence in the integrity of the Department
or is necessary to demonstrate the accountability of the Department's
officers, employees, or individuals covered by the system, except to the
extent it is determined that release of the specific information in the
context of a particular case would constitute an unwarranted invasion of
personal privacy.
F. To contractors, grantees, experts, consultants, students, and others
performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the Federal government, when
necessary to accomplish an agency function related to this system of
records.
G. To an agency, organization, or individual for the purposes of
performing authorized audit or oversight operations.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
AIDMS electronic records are temporarily stored in systems (including,
but not limited to, electronic readers, databases, servers,
workstations, and message queues) at land border POEs and at principally
stored at the primary AIDMS records database at the DHS Data Center in
Ashburn, Virginia.
Retrievability:
Information may be searched and retrieved based on various data
elements, including, but not limited to: RFID tag number, traveler
identification number, transaction number, and name of covered
individual.
Safeguards:
Information in this system is safeguarded in accordance with applicable
laws and policies, including the DHS Information Technology Security
Program Handbook. All records are protected from unauthorized access
through appropriate administrative, physical, and technical safeguards.
These safeguards include restricting access to authorized personnel who
have a need-to-know, using locks, and password protection identification
features. The system is also protected through a multi-layer security
approach. The protective strategies are physical, technical,
administrative and environmental in nature and provide access control to
sensitive data, physical access control to DHS facilities,
confidentiality of communications, authentication of sending parties,
and personnel screening to ensure that all personnel with access to data
are screened through background investigations commensurate with the
level of access required to perform their duties.
Retention and disposal:
The information that resides in the AIDMS is temporary and is retained
only as long as needed to process a covered individual's land border
crossing and to transfer the crossing information to existing DHS
systems. US-VISIT is working with the U.S. National Archives and Records
Administration (NARA) to develop a retention schedule.
System manager(s) and address:
Program Manager, AIDMS Program Management Office, US-VISIT Program,
Border and Transportation Security, U.S. Department of Homeland
Security, Washington, DC 20528, USA.
Notification Procedures:
To determine whether this system contains records relating to you, write
to the US-VISIT Privacy Officer, US-VISIT Program, Border and
Transportation Security, U.S. Department of Homeland Security, 245
Murray Lane SW., Washington, DC 20528, USA.
Record access procedures:
Requests for access, confirmation, or data correction must be in writing
and should be addressed to the US-VISIT Privacy Officer above. Requests
should conform to the requirements of 6 CFR part 5, subpart B, which
provides the rules for requesting access to Privacy Act records
maintained by DHS. The envelope and letter should be clearly marked
``Privacy Act Access Request.'' The request should include a general
description of the records sought and must include the requester's full
name, current address, and date and place of birth. The request must be
signed and either notarized or submitted under penalty of perjury.
Contesting record procedures:
Same as ``Notification Procedures'' and ``Record Access Procedures,''
above.
Record source categories:
The records in this system come directly from the RFID tag embedded in
the I-94 Arrival/Departure forms, information located in the TECS
database maintained by CBP, and information captured directly from the
covered individual. Each RFID tag will use a unique ID number embedded
in the tag to associate the I-94 holders with the tag. After the tag-
enabled I-94 is issued to an individual, the ID number will be used as a
pointer to the individual's biographic information located in the TECS
database. When the individual passes through the entry and exit lanes of
a POE, the ID number will be read and used to retrieve the individual's
immigration information for use in the entry and exit inspection
processes by CBP officers.
Exemptions Claimed for the System:
None.