Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S. Customs and Border Protection-009 Electronic System for Travel Authorization System of Records

AGENCY:

Privacy Office, DHS.

ACTION:

Final rule.

SUMMARY:

The Department of Homeland Security is issuing a final rule to amend its regulations to exempt portions of a Department of Homeland Security U.S. Customs and Border Protection system of records entitled the “Department of Homeland Security U.S. Customs and Border Protection—009 Electronic System for Travel Authorization System of Records” from certain provisions of the Privacy Act. Specifically, the Department exempts portions of the Department of Homeland Security U.S. Customs and Border Protection—009 Electronic System for Travel Authorization system from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

DATES:

Effective Date: This final rule is effective August 31, 2009.

FOR FURTHER INFORMATION CONTACT:

For general questions please contact: Laurence E. Castelli (202-325-0280), Chief, Privacy Act Policy and Procedures Branch, U.S. Customs and Border Protection, Office of International Trade, Regulations & Rulings, Mint Annex, 799 Ninth Street, NW., Washington, DC 20001-4501. For privacy issues contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

Background

The Department of Homeland Security (DHS) published a notice of proposed rulemaking in the Federal Register, 73 FR 32657, June 10, 2008, proposing to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements. The system of records is the DHS/U.S. Customs and Border Protection (CBP)—009 Electronic System for Travel Authorization system. The DHS/CBP—009 Electronic System for Travel Authorization system of records notice was published concurrently in the Federal Register, 73 FR 32720, June 10, 2008, and comments were invited on both the notice of proposed rulemaking and system of records notice. No comments were received.

Public Comments

DHS received no comments on the notice of proposed rulemaking or the system of records notice. DHS will implement the rulemaking as proposed.

List of Subjects in 6 CFR Part 5

• Freedom of information
• Privacy

For the reasons stated in the preamble, DHS amends Chapter I of Title 6, Code of Federal Regulations, as follows:

PART 5—DISCLOSURE OF RECORDS AND INFORMATION

1. The authority citation for Part 5 continues to read as follows:

Authority: Public Law 107-296, 116 Stat. 2135, 6 U.S.C. 101 et seq.; 5 U.S.C. 301. Subpart A also issued under 5 U.S.C. 552. Subpart B also issued under 5 U.S.C. 552a.

2. Add at the end of Appendix C to Part 5, Exemption of Record Systems under the Privacy Act, the following new paragraph “20”:

Appendix C to Part 5—DHS Systems of Records Exempt From the Privacy Act

20. The DHS/CBP—009 Electronic System for Travel Authorization system of records consists of electronic and paper records and will be used by DHS and it's Components. The DHS/CBP—009 Electronic System for Travel Authorization system is a repository of information held by DHS in connection with its several and varied missions and functions, including, but not limited to: The enforcement of civil and criminal laws; investigations, inquiries, and proceedings thereunder; and national security and intelligence activities. The DHS/CBP—009 Electronic System for Travel Authorization system contains information that is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, State, local, tribal, foreign, or international government agencies. The Secretary of Homeland Security has exempted this system from the following provisions of the Privacy Act, subject to the limitations set forth in 5 U.S.C. 552a(c)(3), (e)(8), and (g) pursuant to 5 U.S.C. 552a(j)(2), and (k)(2). Further, no exemption shall be asserted with respect to information maintained in the system as it relates to data submitted by or on behalf of a person who travels to visit the United States and crosses the border, nor shall an exemption be asserted with respect to the resulting determination (approval or denial). After conferring with the appropriate component or agency, DHS may waive applicable exemptions in appropriate circumstances and where it would not appear to interfere with or adversely affect the law enforcement purposes of the systems from which the information is recompiled or in which it is contained. Exemptions from the above particular subsections are justified, on a case-by-case basis to be determined at the time a request is made, when information in this system of records may impede a law enforcement or national security investigation:

(a) From subsection (c)(3) (Accounting for Disclosure) because making available to a record subject the accounting of disclosures from records concerning him or her would specifically reveal any investigative interest in the individual. Revealing this information could reasonably be expected to compromise ongoing efforts to investigate a violation of U.S. law, including investigations of a known or suspected terrorist, by notifying the record subject that he or she is under investigation. This information could also permit the record subject to take measures to impede the investigation, e.g., destroy evidence, intimidate potential witnesses, or flee the area to avoid or impede the investigation.

(b) From subsection (e)(8) (Notice on Individuals) because to require individual notice of disclosure of information due to compulsory legal process would pose an impossible administrative burden on DHS and other agencies and could alert the subjects of counterterrorism or law enforcement investigations to the fact of those investigations when not previously known.

(c) From subsection (g) (Civil Remedies) to the extent that the system is exempt from other specific subsections of the Privacy Act.