Privacy Act of 1974: Implementation of Exemptions

AGENCY:

Privacy Office, DHS.

ACTION:

Notice of proposed rulemaking.

SUMMARY:

The Department of Homeland Security is concurrently establishing three new systems of records pursuant to the Privacy Act of 1974. In this proposed rulemaking, DHS proposes to exempt portions of two of those systems of records from one or more provisions of the Privacy Act because of criminal, civil and administrative enforcement requirements.

DATES:

Comments must be received on or before January 5, 2005.

ADDRESSES:

You may submit comments, identified by docket number DHS-2004-0016, by one of the following methods:

• EPA Federal Partner EDOCKET Web site: http://www.epa.gov/feddocket. Follow instructions for submitting comments on the Web site.
• DHS has joined the Environmental Protection Agency (EPA) online public docket and comment system on its Partner Electronic Docket System (Partner EDOCKET). DHS and its components (excluding the United States Coast Guard (USCG) and Transportation Security Administration (TSA)) will use the EPA Federal Partner EDOCKET system. The USCG and TSA (which are legacy Department of Transportation (DOT) agencies) will continue to use the DOT Docket Management System until full migration to the electronic rulemaking federal docket management system in 2005.
• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 202-772-5036 (This is not a toll-free number).
• Mail: Department of Homeland Security, Attn: Privacy Office/Nuala O'Connor Kelly, Chief Privacy Officer/202-772-9848, Washington, DC 20528.
• Hand Delivery / Courier: Department of Homeland Security, Attn: Privacy Office/Nuala O'Connor Kelly, Chief Privacy Officer/202-772-9848, Anacostia Navel Annex, 245 Murray Lane, SW, Building 410, Washington, DC 20528, 7:30 a.m. to 4 p.m.

Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.epa.gov/feddocket,, including any personal information provided.

Docket: For access to the docket to read background documents or comments received, go to http://www.epa.gov/feddocket. You may also access the Federal eRulemaking Portal at http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Nuala O'Connor Kelly, DHS Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528 by phone 202-772-9848 or facsimile 202-772-5036.

SUPPLEMENTARY INFORMATION:

Background

Concurrently with the publication of this notice of proposed rulemaking, the Department of Homeland Security (DHS) is publishing a Notice establishing three new systems of records that are subject to the Privacy Act of 1974, 5 U.S.C. 552a. DHS is proposing to exempt two of those systems, in part, from certain provisions of the Privacy Act. Those systems are the DHS Freedom of Information Act and Privacy Act Records System (DHS/ALL 001), which will contain records related to requests and appeals made under the Freedom of Information Act, 5 U.S.C. 552, and the Privacy Act; and the Civil Rights and Civil Liberties Matters System (DHS-CRCL-001), which will cover allegations of abuses of civil rights and civil liberties that are submitted to and investigated by the DHS Officer for Civil Rights and Civil Liberties.

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. Individuals may request their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR part 5.

The Homeland Security Act of 2002 requires the Secretary of DHS to appoint a senior official to oversee implementation of the Privacy Act and to undertake other privacy-related activities. Pub. L. 107-296, § 222, 116 Stat. 2135, 2155 (Nov. 25, 2002) (HSA). The systems of records being published today help to carry out the DHS Chief Privacy Officer's statutory activities.

The Privacy Act requires each agency to publish in the Federal Register a description of the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency recordkeeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist individuals to more easily find such files within the agency.

The Privacy Act allows government agencies to exempt certain records from the access and amendment provisions. If an agency claims an exemption, however, it must issue a Notice of Proposed Rulemaking to make clear to the public the reasons why a particular exemption is claimed. DHS is claiming exemption from certain requirements of the Privacy Act. In the case of DHS/All 001, which consists of Freedom of Information Act and Privacy Act request, appeals and litigation records, it is possible that the information in the record system may be copied from record systems that pertain to national security or law enforcement matters. In such cases, allowing access to the information that is derived from these files could alert the subject of the information to an investigation of an actual or potential criminal, civil, or regulatory violation and reveal investigative interest on the part of DHS or another agency. Disclosure of the information would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the information would also permit the individual who is the subject of a record to impede the investigation and avoid detection or apprehension, which undermines the entire system. This exemption is a standard law enforcement and national security exemption utilized by numerous law enforcement and intelligence agencies. Similarly, the records in the Civil Rights and Civil Liberties System of Records may reflect sensitive law enforcement or national security matters, the disclosure of which would result in comparable harms.

List of Subjects in 6 CFR Part 5

• Classified information; Courts; Freedom of information; Government employees; Privacy

For the reasons stated in the preamble, DHS proposes to amend Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5—DISCLOSURE OF RECORDS AND INFORMATION

1. The authority citation for Part 5 continues to read as follows:

Authority: Pub. L. 107-296, 116 Stat. 2135, 6 U.S.C. 101 et seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. Subpart B also issued under 5 U.S.C. 552a.

2. Add Appendix C to Part 5 to read as follows:

Appendix C to Part 5—DHS Systems of Records Exempt from the Privacy Act

This Appendix implements provisions of the Privacy Act of 1974 that permit the Department of Homeland Security (DHS) to exempt its systems of records from provisions of the Act. During the course of normal agency operations, exempt materials from other systems of records may become part of the records in these and other DHS systems. To the extent that copies of records from other exempt systems of records are entered into any DHS system, DHS hereby claims the same exemptions for those records that are claimed for the original primary systems of records from which they originated and claims any additional exemptions in accordance with this rule.

Portions of the following DHS systems of records are exempt from certain provisions of the Privacy Act pursuant to 5 U.S.C. 552(j) and (k):

1. DHS/ALL 001, Department of Homeland Security (DHS) Freedom of Information Act (FOIA) and Privacy Act (PA) Record System allows the DHS and its components to maintain and retrieve FOIA and Privacy Act files by personal identifiers associated with the persons submitting requests for information under each statute. Pursuant to exemptions (j)(2), (k)(1), (k)(2) and (k)(5) of the Privacy Act, portions of this system are exempt from 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), (H) and (I). Exemptions from the particular subsections are justified, on a case by case basis to be determined at the time a request is made, for the following reasons:

(a) From subsection (c)(3) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of the investigation and reveal investigative interest on the part of DHS as well as the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation and avoid detection or apprehension, which undermines the entire system.

(b) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of the investigation and reveal investigative interest on the part of DHS or another agency. Access to the records would permit the individual who is the subject of a record to impede the investigation and avoid detection or apprehension. Amendment of the records would interfere with ongoing investigations and law enforcement activities and impose an impossible administrative burden by requiring investigations to be continuously reinvestigated. The information contained in the system may also include properly classified information, the release of which would pose a threat to national defense and/or foreign policy. In addition, permitting access and amendment to such information also could disclose security-sensitive information that could be detrimental to homeland security.

(c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of federal law, the accuracy of information obtained or introduced, occasionally may be unclear or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective enforcement of federal laws, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.

(d) From subsections (e)(4)(G), (H) and (I) (Agency Requirements), and (f) (Agency Rules), because portions of this system are exempt from the access provisions of subsection (d).

2. DHS-CRCL-001, Civil Rights and Civil Liberties Matters, which will cover allegations of abuses of civil rights and civil liberties that are submitted to the Office of CRCL. Pursuant to exemptions (k)(1), (k)(2) and (k)(5) of the Privacy Act, portions of this system are exempt from 5 U.S.C. 552a(c)(3); (d); (e)(1); (e)(4)(G), (H) and (I). Exemptions from the particular subsections are justified, on a case by case basis to be determined at the time a request is made, for the following reasons:

(a) From subsection (c)(3) (Accounting for Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of the investigation and reveal investigative interest on the part of DHS or another agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and efforts to preserve national security. Disclosure of the accounting would also permit the individual who is the subject of a record to impede the investigation and avoid detection or apprehension, which undermines the entire system.

(b) From subsection (d) (Access to Records) because access to the records contained in this system of records could inform the subject of an investigation of an actual or potential criminal, civil, or regulatory violation to the existence of the investigation and reveal investigative interest on the part of DHS as well as the recipient agency. Access to the records would permit the individual who is the subject of a record to impede the investigation and avoid detection or apprehension. Amendment of the records would interfere with ongoing investigations and law enforcement activities and impose an impossible administrative burden by requiring investigations to be continuously reinvestigated. The information contained in the system may also include properly classified information, the release of which would pose a threat to national defense and/or foreign policy. In addition, permitting access and amendment to such information also could disclose security-sensitive information that could be detrimental to homeland security.

(c) From subsection (e)(1) (Relevancy and Necessity of Information) because in the course of investigations into potential violations of federal law, the accuracy of information obtained or introduced, occasionally may be unclear or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective enforcement of federal laws, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.

(d) From subsections (e)(4)(G), (H) and (I) (Agency Requirements), and (f) (Agency Rules), because this system is exempt from the access provisions of subsection (d).